How to gather Trace Log Files for Ivanti Antivirus

Version 14

    Verified Product Versions

    LANDESK Management Suite 9.6
    LANDESK Management Suite 2016.x
    LANDESK Endpoint Manager 2017.x

     

     

    At times an issue with Ivanti Antivirus may require more in-depth analysis and troubleshooting. In such cases, Ivanti engineers may request application runtime trace files.

    These log files contain verbose information that can assist in finding the root cause of an issue.

     

    How to generate an application trace file

     

    Via Command Line

    "avp.com traces on | off"

    Note. Make sure your user account has administrator permissions.

     

    OR

     

    1. Click Support in the bottom left corner of the main application window.
    2. The Support window will open, click System tracing. This will open the Information for Technical Support window.
    3. Click Enable to start generating the trace files.
    4. Stop Ivanti Antivirus by right-clicking the tray icon and selecting Exit, then restart Antivirus by selecting Ivanti Antivirus from the Ivanti Management program group.

      If the Exit option does not exist, follow these sub-steps:
        4a. To be able to restart Ivanti Antivirus, the following permissions must be set in the Ivanti Antivirus settings in the console and applied to the client:
            [Screenshot: AVPermissions.jpg]
        4b. To refresh settings on the client, select the "Create a Task" (calendar icon) drop-down in the Agent Settings tool, select "Change Settings" and then create a schedule.
            Alternatively, "vulscan /changesettings" can be run from the client command line. (Add /showui to the command to view the interface while it is running.)

    5. Go through the steps that result in the issue observed.
    6. Click Disable to stop generating the trace file.

    Note. Trace files are created in encrypted form with the .ENC1 extension and unique names: [Application-version]_[Creation_date]_[Creation_time_GMT]_[PID]
              This encryption ensures that the log files can only be viewed by an authorized support or development engineer.            

     

    Where to find the generated trace files

     

    • C:\ProgramData\Kaspersky Lab\


     

    If there is an update task running (downloading pattern files), another log file gets generated in *.ENC format.

    Important: The created trace files are encrypted and can only be viewed by an authorized support or development engineer.   

     

    By default, the folders containing trace files are hidden. Make sure you have the "show hidden files" setting enabled in Windows or type the path into the File Explorer address bar to be able to access the trace files.

     

    Sending trace files to Ivanti Technical Support

     

    Unless requested otherwise, the following steps should be taken to send the trace files to Ivanti Technical Support:

    1. Compress the trace files into a .ZIP format with the filename IvantiCase#_ldav_trace.zip (where IvantiCase# is the numerical Ivanti case number assigned to your incident).
    2. Upload the .ZIP file to ftp://Landesk-public:b8Wk3EECl1Yri5@data3.kaspersky-labs.com
    3. Inform the Ivanti Support technician of the exact file name (please include case sensitivity if it differs from the recommendation above).
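
    The collection and packaging steps above (hidden trace folders, .ENC1/.ENC files, case-numbered .ZIP) as a PowerShell script. This is an added example, not Ivanti tooling; the parameter names, the 24-hour default window, the staging folder and the SHA-256 step are assumptions made for illustration.

```powershell
# Added example: package Ivanti Antivirus trace files for a support case.
# Run from an elevated prompt AFTER tracing has been disabled (step 6), so the
# trace files are no longer being written to.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^\d+$')]                              # case number is numerical per the article
    [string]$CaseNumber,
    [string]$TraceRoot = 'C:\ProgramData\Kaspersky Lab',    # location given in the article
    [datetime]$Since   = (Get-Date).AddDays(-1),            # assumption: last 24 hours
    [string]$OutDir    = $env:TEMP                          # assumption: staging folder
)

if (-not (Test-Path -LiteralPath $TraceRoot)) {
    throw "Trace root not found: $TraceRoot"
}

# -Force is needed because the folders holding the trace files are hidden.
# .ENC1 = application traces, .ENC = update-task traces.
$traces = Get-ChildItem -LiteralPath $TraceRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Extension -in '.ENC1', '.ENC') -and ($_.LastWriteTime -ge $Since) }

if (-not $traces) {
    throw "No .ENC1/.ENC trace files modified since $Since under $TraceRoot"
}

# File name convention from step 1: <case number>_ldav_trace.zip
$zip = Join-Path $OutDir ('{0}_ldav_trace.zip' -f $CaseNumber)
Compress-Archive -LiteralPath $traces.FullName -DestinationPath $zip -Force

# Report the exact file name (step 3) plus a hash, so the copy that arrives
# at support can be compared with the one that was created here.
$hash = Get-FileHash -LiteralPath $zip -Algorithm SHA256
[pscustomobject]@{
    Archive   = Split-Path $zip -Leaf
    FullPath  = $zip
    Files     = $traces.Count
    SizeBytes = (Get-Item -LiteralPath $zip).Length
    SHA256    = $hash.Hash
}
```

    The script stops before the upload in step 2; the Archive value it prints is the exact, case-sensitive file name to give the support technician.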

     

    Trace log detail levels

     

    Typically the default trace level should be used. Exceptions will be specified by the support technician.

     

    The following trace levels are available (from minimum to maximum details):

     

    • Critical (100). Logs critical errors only.
    • High (200). Logs all errors including critical.
    • Troubleshooting (300). Logs all errors and warnings.
    • Important (400). Logs all errors and warnings, plus additional information messages.
    • Normal (500). Logs all errors and warnings, as well as additional information messages and normal operational data. (This is the default log level.)
    • Low (600). Logs all possible messages.

     

    How to delete a trace file

     

    In order to delete the trace files, you should exit Ivanti Antivirus, delete the trace file from the %ProgramData% folder and start the application again.

     

    Useful references

    How to troubleshoot Ivanti Antivirus

    How to enable / disable trace files generation via registry