To use the Case Diagnostic Tool, follow the steps below or watch an audio-video guide for instructions:
- Download the CDT zip file.
Make sure to select the latest version available for your operating system.
- Extract all the content of the zip file into a local directory on your computer.
- Run the CDT.
- Start the application.
- Accept the agreement.
- Click Start.
A window appears showing Trend Micro products being detected.
- Select Scan Related Issue > Collect AEGIS debug information, then click Next.
- Reproduce the issue:
- Click Start Debug Mode.
- Wait for the debug mode to change to “ON”.
- At this point you are ready to reproduce the issue. Collect a screenshot of any message you might see on the screen.
If you are not able to reproduce the issue, or debugging is not required, then you can click Skip and go to Step 7.
- Once the issue has been reproduced, click Stop Debug Mode and it will be turned off.
- Collect the logs.
- Name a folder where the logs will be saved.
- Select Today's logs.
- Write any comment you want to add, or a detailed description of the issue (if not already provided). If you have nothing to add, just write “nothing to add”.
You need to write something here. Otherwise, you will get this error message:
- Generate the logs.
When the application is complete, a new folder and zip file will be created in the directory you named in Step 8a.
- Click Open Folder to open the folder where the CDT report was saved.
- Click Finish to close the CDT.
To enable debugging:
- Unload the Security agent or stop the Apex One Real-Time Scan Service.
- Open the Registry Editor and modify the following registry keys:
Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
- For 32 bit:
- HKLM\SOFTWARE\TrendMicro\Aegis\DebugLogFlags = dword:0000000xff
- HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\DACPolicyDump = dword:00000001
- For 64 bit:
- HKLM\SOFTWARE\TrendMicro\Aegis\DebugLogFlags = dword:0000000xff
- HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\DACPolicyDump = dword:00000001
This will create a file called dac_policy_dump.log, which is a DAC policy dump file under \Apex One\Misc.
- Close the Registry Editor.
- Download and extract the AEGISExpert file located in the links below:
- For 32 bit: AEGISExpert.zip
- For 64 bit: AEGISExpertx64.zip
- Put the extracted files in ..\Trend Micro\Apex One\.
- Reload the Apex One client or restart the Apex One Real-Time Scan Service.
- Open a command prompt and go to ..\Trend Micro\Apex One\.
- Execute the following command:
AEGISExpert.exe -start -timeout=60 -query > summary.txt
The command collects AEGIS raw events for the next 60 seconds. Replicate the issue during this period. If 60 seconds is not enough, increase the -timeout value in the command above.
- When AEGISExpert stops, collect the following files and send them to Trend Micro Technical Support:
- RawEvent.log and summary.txt in ..\Trend Micro\Security Agent\
- All files in ..\Trend Micro\BM\log\
- All files in ..\Trend Micro\BM\Profiles\
- dac_policy_dump.log in ..\Trend Micro\Security Agent\Misc\
- TMBMCliyyyymmdd_nn.log in ..\TrendMicro\Security Agent\Log
To disable debugging:
- Open the Registry Editor and modify the following registry keys:
Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
- For 32 bit:
- HKLM\SOFTWARE\TrendMicro\Aegis\DebugLogFlags = dword:00000000
- HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\DACPolicyDump = dword:00000000
- For 64 bit:
- HKLM\SOFTWARE\TrendMicro\Aegis\DebugLogFlags = dword:00000000
- HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\DACPolicyDump = dword:00000000
- Close the Registry Editor.
- Restart the Apex One Real-Time Scan Service to disable debugging.
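After the disable steps, it is worth confirming that no debug value was left non-zero, since the agent would otherwise keep writing debug output. The following PowerShell check is an added example, not Trend Micro code: it reads the registry values listed above and reports each one's state. The function name and output columns are assumptions, and it is assumed to run in an elevated 64-bit PowerShell session.

```powershell
# Added example (not Trend Micro code). Key paths and value names are the ones
# listed on this page; the function name and output shape are assumptions.
function Get-AegisDebugState {
    $rts = 'PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration'
    $targets = @(
        @{ Path = 'HKLM:\SOFTWARE\TrendMicro\Aegis';           Name = 'DebugLogFlags' },
        @{ Path = "HKLM:\SOFTWARE\TrendMicro\$rts";             Name = 'DACPolicyDump' },
        @{ Path = "HKLM:\SOFTWARE\Wow6432Node\TrendMicro\$rts"; Name = 'DACPolicyDump' }
    )
    foreach ($t in $targets) {
        $state = 'KeyMissing'   # the 32-bit or 64-bit variant may not exist on this host
        $data  = $null
        if (Test-Path -LiteralPath $t.Path) {
            $prop = Get-ItemProperty -LiteralPath $t.Path -Name $t.Name -ErrorAction SilentlyContinue
            if ($null -eq $prop) {
                $state = 'ValueMissing'
            } else {
                $data  = $prop.($t.Name)
                # Any non-zero data means the debug setting is still active.
                $state = if ($data -eq 0) { 'Disabled' } else { 'ENABLED' }
            }
        }
        [pscustomobject]@{
            Key   = $t.Path
            Value = $t.Name
            Data  = $data
            State = $state
        }
    }
}

$report = @(Get-AegisDebugState)
$report | Format-List

# Flag anything still switched on so the disable steps can be repeated.
$stillOn = @($report | Where-Object { $_.State -eq 'ENABLED' })
if ($stillOn.Count -gt 0) {
    Write-Warning "$($stillOn.Count) debug value(s) are still non-zero; repeat the disable steps."
} else {
    Write-Output 'No AEGIS debug value is enabled.'
}
```

A `KeyMissing` or `ValueMissing` result is expected for whichever of the 32-bit or 64-bit paths does not apply to the machine.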