Run the following command to start the WPR Trace (ETL) Log and reset counters depending on the estimated time needed to reproduce.Reproduce the behavior when Sensor is in Bypass Rename counters.txt to procmon-active-counters.txt, and psc_sensor.zip to procmon-active-psc_sensor.zip.C:\Program Files\Confer>repcli capture c:\temp - Change to desired location
Run commands to collect counters.txt and psc_sensor.zipī.Change the file name to procmon-active.PML.In the Save pop-up window, Select "Events to save: All events" and "Format: PML".Stop collection in Procmon (CTRL+E) and save the log file.C:\Program Files\Confer>repcli resetcounters C:\Program Files\Confer>repcli deletepolicy 1DED7E47-CE4C-448E-AD01-6F4AC3CE7F5D C:\Program Files\Confer>sc start cbdefense C:\Program Files\Confer>repcli stopCbServicesį. C:\Program Files\Confer>repcli registerProtectedSvcs 0Į. C:\Program Files\Confer>repcli bypass 1ĭ. C:\Program Files\Confer>sc qprotection cbdefense -Result will show either ANTIMALWARE LIGHT or None. C:\WINDOWS\system32>cd c:\program files\conferī. Run the following commands to collect the Procmon, Sensor logs, Counter logs :Ī.Rename counters.txt to wpr-active-counters.txt, and psc_sensor.zip to wpr-active-psc_sensor.zip.C:\Program Files\Confer>repcli capture c:\temp - Change to desired locationĬollecting diagnostic data (this may take a few minutes).Ĭaptured diagnostic data in c:\temp\psc_sensor.zip C:\Program Files\Confer>repcli counters > C:\temp\counters.txt - Change to desired locationĬ. Collect the wpr-active.etl, counters.txt, and psc_sensor.zipĪ.Note local machine time when testing started, and timezone of machine.Document exact steps taken to reproduce to provide to Support.C:\temp>wpr -start CPU -start diskio -start fileio -start registry -start network
0 kommentar(er)
