Data collection steps for troubleshooting VirusScan Enterprise issues
Technical Articles ID:
KB89433
Last Modified: 5/21/2020
Environment
Summary
This article provides basic information about how to collect data for troubleshooting the following VSE issues:
- Slow boot or startup
- Slow logon
- Slow application startup (reproducible or random)
- Slow application performance (reproducible or random)
- Slow system performance (reproducible or random)
- System becomes unresponsive or deadlock
- Application becomes unresponsive (not responding and does not recover)
- One or more VSE components fail to install
Depending on the issue, you might need the following tools:
- AMTrace - Internal tool to collect log data from SysCore and VSCore
- Windows Performance Recorder - Microsoft Tool
- Process Monitor - Microsoft Tool
Solution
How to use AMTrace to collect logging data from AMCore:
AMTrace -q
- Prepare AMTrace:
  - Download the zip package VSEDataCollect.zip from the Attachment section of this article.
  - Extract the contents to the Desktop.
- Run AMTrace:
  - Click Start, type cmd.exe in the Search bar, right-click cmd.exe from the list, and click Run as administrator.
  - When you are ready to start a trace, use the command option below for the relevant data collection section:
    NOTE: The following are the paths to the AMTrace.exe file locations:
    C:\Users\username\Desktop\VSEDataCollect\AMTracex86
    C:\Users\username\Desktop\VSEDataCollect\AMTracex64
    - To use the AMTrace onboot option, run the following command:
      AMTrace.exe -b onboot -m 4GB
      NOTES:
      - The "GB" is case sensitive. This example limits the log size to 4 GB. 10 MB is the minimum accepted value, and 2 GB is the default, if not specified.
      - This option does not support the alternative logging modes described below.
    - To use AMTrace with the now option, run the following command:
      AMTrace.exe -b now -m 4GB
      IMPORTANT: AMTrace now uses the rollover option by default. This command instructs the tool to begin a trace immediately, and to limit the log size to 4 GB per .etl file. When the log reaches 4 GB, a new log is created. The system appends each log with a number, for example _1, _2, until you stop the trace, the user logs off, or you shut down the system.
      NOTE: The "GB" is case sensitive.
    - To use AMTrace without the rollover option:
      Choose an appropriate logging method for the issue you want to record:
      AMTrace.exe -b now -m 4GB -L stop
      AMTrace.exe -b now -m 4GB -L circular
      The stop mode creates a trace session that stops logging when it reaches the size limit.
      The circular mode creates a trace session that logs to a single file. After reaching the maximum size, older events are overwritten.
      NOTE: The "L" and "GB" are case sensitive.
  - Stop the trace and save the log. Use the following command:
    AMTrace -e
  - When possible, AMTrace tries to automatically rename the resulting ETL files to include the start time and stop time of the logging in the file name. For example, amtrace_20200704.010203-010305.etl would indicate that logging began 2020-07-04 (July 4, 2020) at 1:02:03, and continued until 1:03:05.
    If AMTrace is unable to rename the file when logging stops, it is still possible to rename the file manually with another AMTrace command:
    AMTrace.exe --datestamp *.etl
    This command accepts wildcards (* or ?). These wildcards reference multiple characters or a single character respectively. This command renames the specified file or files to include the start and stop times in the file name. It does not affect files that already have the datestamp added.
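Added example (not part of the original article or the vendor's tooling): a Python helper that reads the datestamp out of AMTrace file names and picks the trace files whose logging window covers a reported incident time, which is useful when a rollover session leaves several .etl files. It assumes every stamped name follows the article's single example, that the part before the datestamp can be any base name, and that a stop time earlier than the start time means the trace ran past midnight.

```python
import re
from datetime import datetime, timedelta

# Layout inferred from the article's example amtrace_20200704.010203-010305.etl:
# <base>_<YYYYMMDD>.<start HHMMSS>-<stop HHMMSS>.etl  (assumed for all stamped files)
STAMPED = re.compile(
    r"^(?P<base>.+)_(?P<date>\d{8})\.(?P<start>\d{6})-(?P<stop>\d{6})\.etl$",
    re.IGNORECASE,
)

def parse_trace_name(name):
    """Return (start, stop) datetimes, or None if the name has no valid datestamp."""
    m = STAMPED.match(name)
    if not m:
        return None
    try:
        start = datetime.strptime(m["date"] + m["start"], "%Y%m%d%H%M%S")
        stop = datetime.strptime(m["date"] + m["stop"], "%Y%m%d%H%M%S")
    except ValueError:
        return None  # right number of digits, but not a real date or time
    if stop < start:
        # The name carries one date only; treat this as a trace that
        # crossed midnight (assumption, see lead-in).
        stop += timedelta(days=1)
    return start, stop

def triage(names, incident):
    """Sort names into (covering the incident, not covering, not datestamped)."""
    covering, other, unstamped = [], [], []
    for name in sorted(names):
        span = parse_trace_name(name)
        if span is None:
            unstamped.append(name)  # candidates for AMTrace.exe --datestamp
        elif span[0] <= incident <= span[1]:
            covering.append(name)
        else:
            other.append(name)
    return covering, other, unstamped

# Constructed sample file names, not taken from a real collection.
SAMPLE = [
    "amtrace_20200704.010203-010305.etl",
    "amtrace_20200704.235000-001500.etl",
    "amtrace_20200704.120000-123000.etl",
    "amtrace.etl",
]

if __name__ == "__main__":
    hit, miss, raw = triage(SAMPLE, datetime(2020, 7, 5, 0, 10, 0))
    print("covers incident:", hit)
    print("outside window:", miss)
    print("no datestamp yet:", raw)
```
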
Solution
How to use Windows Performance Recorder (WPR):
- Run wprui.exe:
  - Click Start, type cmd.exe in the Search bar, right-click cmd.exe from the list, and click Run as administrator.
  - Type wprui.exe and press Enter to start WPR.
    - For Windows SDK, see https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk.
    - For Windows Assessment and Deployment Kit, see https://msdn.microsoft.com/en-us/windows/hardware/commercialize/test/wpt/index.
- Choose to use a Performance Scenario and other settings, as recommended in the following table:

| Performance Issue | Performance Scenario | Detail Level | Logging Mode | Profiles to Include | Number of Iterations |
|---|---|---|---|---|---|
| Slow boot or logon | Boot | See below | File | First-level Triage, CPU use, File I/O activity | At least 1 |
| High CPU use | General | See below | File | First-level Triage, CPU use, File I/O activity | N/A |
| Application is slow or unresponsive | General | See below | File | First-level Triage, CPU use, File I/O activity | N/A |
Solution
How to use Process Monitor:
- Prepare Process Monitor:
  - Download Process Monitor from: https://technet.microsoft.com/en-us/library/bb896645.aspx.
  - Extract Procmon.exe to the Desktop.
- Run Process Monitor. When you are ready to start Process Monitor, use the option below that the relevant data collection section needs:
  - To enable the Process Monitor boot logging option, if needed by the relevant data collection section:
    - Open the Process Monitor console.
    - Click Options.
    - Click Enable Boot Logging.
    - Click OK on the pop-up window. The next time a reboot occurs, a boot trace log is created.
    - To save the log, run Process Monitor again and click File, Save (select All Events and use the native PML format).
  - To immediately start Process Monitor:
    - Run Procmon.exe. This command starts to automatically capture process information.
    - To stop Process Monitor, press Ctrl+E or click File and deselect Capture Events. Press Ctrl+E again to resume data collection.
    - To save the log, click File, Save. Select All Events and use the native PML format.
Solution
Slow boot or startup
Perform the steps in this section if the symptoms are any of the following:
- Slow boot or startup
- Slow logon
Data collection steps for AMTrace and Process Monitor:
- Start AMTrace with the onboot option.
- Start Process Monitor and enable the boot logging option.
- Reboot the system.
- Reproduce the issue.
- Log on to the system.
- Stop AMTrace and save the log.
- Open Process Monitor and save the boot log.
Data collection steps for Windows Performance Recorder:
- Run WPR.
- Configure the Boot Performance Scenario.
- Start the capture.
- Reboot the system.
- Reproduce the issue.
- Log on to the system.
- Allow the WPR: Boot Trace to finish.
- Capture the saved ETL files.
Solution
Slow performance (reproducible)
Perform the steps in this section if the symptoms are reproducible and are any of the following:
- Slow application startup
- Slow application performance
- Slow system performance
Data collection steps for AMTrace and Process Monitor:
- Start Process Monitor.
- Start AMTrace with the now option.
- Reproduce the issue.
- Stop AMTrace and save the log.
- Stop Process Monitor and save the log.
Data collection steps for Windows Performance Recorder:
- Run WPR.
- Configure the General Performance Scenario.
- Start the trace.
- Reproduce the issue.
- Stop the trace.
- Capture the saved file.
Solution
Slow performance (random)
Perform the steps in this section if the symptoms occur randomly and are any of the following:
- Slow application startup
- Slow application performance
- Slow system performance
Data collection steps for AMTrace:
- Start AMTrace with the rollover option.
- When the issue occurs, stop AMTrace and save the log.
Data collection steps for Windows Performance Recorder:
- Run WPR.
- Configure the General Performance Scenario with Memory as the Logging Mode.
- Start the trace.
- Reproduce the issue.
- Save the trace as soon as possible after reproducing the issue.
- Capture the saved file.
Solution
System or application becomes unresponsive
Perform the steps in this section if the symptoms are any of the following:
- System becomes unresponsive or deadlock occurs
- Application becomes unresponsive (not responding and does not recover)
Data collection steps:
- Configure the system to create a full memory.dmp. See KB56023.
- Configure the system to allow for a keyboard crash. See https://msdn.microsoft.com/en-us/library/windows/hardware/ff545499%28v=vs.85%29.aspx.
- Create the dump file when the issue occurs. In general, the longer you can wait before you generate the dump file, the more help it provides with identifying the hang condition in the dump.
Solution
VSE fails to install
Verify the following:
- To verify the requirements for McAfee Agent deployment from the ePolicy Orchestrator (ePO) server, see KB56386.
- To review the supported versions of McAfee Agent and ePO, see KB51111.
Data collection when a local installation fails:
NOTE: Make sure that you collect the data during a local installation of VSE.
- Download and unzip the standalone package from the Product Downloads site at: https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us.
- Start Process Monitor.
- Start AMTrace with the rollover option.
- Re-create the issue by running the local installation (setupVSE.exe) as administrator, and select the single module you are troubleshooting.
- Stop AMTrace and save the log.
- Stop Process Monitor and save the log.
- Collect a Minimum Escalation Requirements (MER) file. Run as Administrator.
Data collection when deployment through ePO fails:
If the product installs locally without errors, but you see the issue when you deploy using ePO, use these steps to investigate an ePO deployment installation issue:
- Enable McAfee Agent debug logging. For detailed steps to enable McAfee Agent debug logging, see KB82170.
- Replicate the issue.
- Collect a Minimum Escalation Requirements (MER) file. Run as Administrator.
Related Information
The content from KB70085 has been integrated into the "VSE fails to install" section above.
Contact Technical Support
To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
- If you are a registered user, type your User Id and Password, and then click Log In.
- If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
Attachment
Previous Document ID
70085