Using the Support Connector Tool to collect logs for troubleshooting Deep Security Agent issues

    • Updated: 14 Jan 2021
    • Product/Version: Deep Security All
    • Platform: Windows 7 SP1, Windows 10; Windows Server 2019, 2016, 2012; Amazon Linux 1, 2; CentOS 6, 7; RHEL 6, 7
Summary

Support Connector is a tool that assists in deploying dedicated Support Connector Packages (SCP) for performing further troubleshooting steps upon the customer's authorization.

This article discusses how to deploy and use this tool.

Details
Note: Not all platforms with Deep Security Agent are supported by the XBC agent.
  1. Before the Solution Center is ready for the Deep Security support team, the Endpoint Basecamp package should be provided by the XBC team
    1. Request the XBC team to create a new company in the XBC backend for this customer. Provide either of the following information:
    2. The XBC team provides Endpoint Basecamp packages (with the specific token); the package can only be used for this customer
      1. Windows (X86/X64) : EndpointBasecamp.exe

        Platform Support:

        • Windows 7 SP1 and later versions
      2. Linux : tmxbc_linux64.tgz

        Platform Support:

        • Amazon Linux
        • Amazon Linux2
        • CentOS 6
        • CentOS 7
        • Red Hat Enterprise Linux 6
        • Red Hat Enterprise Linux 7
  2. Ask customers to install Endpoint Basecamp on the target endpoints
    1. Windows: (Online help: https://docs.trendmicro.com/en-us/enterprise/trend-micro-xdr-online-help/apps/endpoint-inventory_001/getting-started-with.aspx)
      1. For Windows endpoints that do not require a proxy to connect to external networks:
        1. Run EndpointBasecamp.exe with administrator permission
      2. For Windows endpoints that require a proxy server to connect to external networks, open a command prompt as an administrator and execute the following command:
        1. EndpointBasecamp.exe /proxy_server_port <proxy_server_ip_or_fqdn:port>

          For example:

          EndpointBasecamp.exe /proxy_server_port 10.1.1.1:80

    2. Linux: (Online help: https://docs.trendmicro.com/en-us/enterprise/trend-micro-xdr-help/LinuxDeployment)
      1. To install the Endpoint Basecamp program without a proxy, execute the following command:

        $ ./tmxbc install

      2. To install the Endpoint Basecamp program with a proxy, execute the following command:

        $ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>

        For example:

        $ ./tmxbc install --proxyURL http://10.1.1.1:80
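
A pre-flight for the Linux install step above, as an added example (not Trend Micro's code): it checks the host against the article's supported-platform list and validates the proxy value before it is placed on a command line. The function names, the use of /etc/system-release, the root and x86_64 checks, and the restriction to the http://host:port shape are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight for the Linux install step in this article.
# Assumption: the distribution string is read from /etc/system-release.

# Succeeds only for the Linux platforms the article lists as supported.
is_supported_release() {
    case "$1" in
        "Amazon Linux AMI release "*)               return 0 ;;  # Amazon Linux 1
        "Amazon Linux release 2 "*)                 return 0 ;;  # Amazon Linux 2
        "CentOS release 6."*)                       return 0 ;;
        "CentOS Linux release 7."*)                 return 0 ;;
        "Red Hat Enterprise Linux "*" release 6."*) return 0 ;;
        "Red Hat Enterprise Linux "*" release 7."*) return 0 ;;
    esac
    return 1
}

# Prints the article's install command. An optional proxy argument must have
# the http://host:port shape of the article's example; anything else is
# rejected so inventory data never reaches a privileged shell unchecked.
# (IPv6 literals are not handled by this example.)
build_install_cmd() {
    [ -z "${1:-}" ] && { echo "./tmxbc install"; return 0; }
    rest=${1#http://}; host=${rest%:*}; port=${rest##*:}
    [ "$rest" != "$1" ] && [ -n "$host" ] && [ "$host" != "$rest" ] || return 1
    case "$host" in *[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    echo "./tmxbc install --proxyURL $1"
}

# Full check for one host. Assumptions: install needs root, and the
# tmxbc_linux64.tgz package targets x86_64. Prints the command to run
# from the directory where the package was unpacked.
preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ "$(uname -m)" = "x86_64" ] || { echo "64-bit x86 only" >&2; return 1; }
    is_supported_release "$(cat /etc/system-release 2>/dev/null)" ||
        { echo "platform not on the supported list" >&2; return 1; }
    build_install_cmd "${1:-}" || { echo "bad proxy URL" >&2; return 1; }
}
```

Call `preflight` with no argument for a direct connection or with the proxy URL as its only argument; it prints the command and does not run it.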

Here are the steps to get the Deep Security Manager GUID (optional if you have provided the CLP Company ID):

Log in to the DSM server, open cmd (Windows) or a terminal (Linux), and run the following command:

  • Windows:

    C:\> "\Program Files\Trend Micro\Deep Security Manager\dsm_c" -action viewsetting -name settings.configuration.dsmGUID

  • Linux:

    # /opt/dsm/dsm_c -action viewsetting -name settings.configuration.dsmGUID

  1. The Deep Security SEG team will help create an SCP tool for troubleshooting the case. Depending on the issue reported, the tool might perform the following actions:
    1. Debug information collection (refer to the “Collected Information” section)
    2. Agent recovery
    3. Other troubleshooting actions
  2. Register the SCP actions to the specific endpoint (executed by the DS SEG team through an XBC API script)
    1. SEG deploys the SCP to the agent side only after a support ticket has been created and the customer has acknowledged the deployment plan. Without an SCP, Endpoint Basecamp only sends the agent GUID to the Trend Micro backend to check for tasks every 10 minutes.
  3. Once the Support Connector Package (SCP) has been executed, it is removed from the endpoint and reports the result to the Trend Micro backend server, and the Technical Support team proceeds to solve the issue.

Depending on the troubleshooting scope, the Support Connector Tool collects one or more of the following types of information (the list is not exhaustive):

  • GUID
  • User account
  • Host name
  • Domain name
  • IP address
  • MAC address
  • File name/path/owner
  • Process name/path/owner
  • URL
  • Registry hive
 
Some of the collected information may contain Personally Identifiable Information (PII).
 
  • Windows
    1. Request the uninstall token and uninstaller for Endpoint Basecamp (portal will be ready on 1/18). The XBC team will provide the following files:

      1. XBCUninstaller.exe
      2. XBCUninstallToken.txt (this token expires after 14 days)
    2. Run the following command with Administrator permission:
      1. XBCUninstaller.exe XBCUninstallToken.txt
  • Linux
    1. Switch to the root user
    2. Execute the following command:

      $ /opt/TrendMicro/Endpointbasecamp/bin/tmxbc uninstall

  1. Would Endpoint Basecamp and SCP collect any Personally Identifiable Information (PII) without notice?
    • Endpoint Basecamp will NOT collect PII without user notice. It only sends the GUID to check for tasks every 10 minutes.
    • ONLY when a support ticket has been created and the customer has acknowledged the deployment plan can an SCP be deployed to the agent side for debug information collection.
  2. How is the Endpoint Basecamp connection secured?
    • The Endpoint Basecamp connection to the backend is secured by HTTPS, thus TCP port shall be allowed on the agent side.
  3. How is the Endpoint Basecamp agent secured?
    • Endpoint Basecamp checks all SCP files; only files that are provided by Trend Micro and are Support Connector Packages can be executed on the endpoints.
    • Only authenticated Endpoint Basecamp agents can communicate with the Endpoint Basecamp backend.
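
The 10-minute task check described above can be compared with what the egress proxy actually records. The following is an added example (not Trend Micro's code) that reports, per endpoint, how often it connects to the backend; the log format, the sample lines and the backend host name are constructed placeholders, since the article does not name the backend.

```shell
#!/bin/sh
# Added example. Assumptions: the proxy log has the constructed format
#   <epoch_seconds> <client_ip> CONNECT <host>:<port>
# sorted by time, and BACKEND is a placeholder for the Endpoint Basecamp
# backend host, which the article does not name.
BACKEND="${BACKEND:-xbc-backend.example.invalid}"
MIN_GAP="${MIN_GAP:-540}"   # 10-minute check-in minus 60 s of tolerance

# Constructed sample: 10.0.0.5 checks in every 600 s, 10.0.0.9 bursts.
sample_log() {
    cat <<'EOF'
1610600000 10.0.0.5 CONNECT xbc-backend.example.invalid:443
1610600010 10.0.0.9 CONNECT xbc-backend.example.invalid:443
1610600030 10.0.0.9 CONNECT xbc-backend.example.invalid:443
1610600100 10.0.0.7 CONNECT updates.example.invalid:443
1610600600 10.0.0.5 CONNECT xbc-backend.example.invalid:443
1610600630 10.0.0.9 CONNECT xbc-backend.example.invalid:443
1610601200 10.0.0.5 CONNECT xbc-backend.example.invalid:443
EOF
}

# Per client: "<ip> <connections> <shortest_gap_s> <verdict>".
# "periodic" = no gap shorter than MIN_GAP, consistent with task checks only;
# "burst" = more frequent traffic, to be matched against an open,
# customer-acknowledged support case.
audit_checkins() {
    awk -v host="$BACKEND" -v min_gap="$MIN_GAP" '
        $3 == "CONNECT" && index($4, host ":") == 1 {
            ip = $2; n[ip]++
            if (ip in last) {
                gap = $1 - last[ip]
                if (!(ip in shortest) || gap < shortest[ip]) shortest[ip] = gap
            }
            last[ip] = $1
        }
        END {
            for (ip in n) {
                if (ip in shortest) s = shortest[ip]; else s = "-"
                v = (s != "-" && s + 0 < min_gap + 0) ? "burst" : "periodic"
                print ip, n[ip], s, v
            }
        }' | sort
}
```

Cadence shows only how often an endpoint talks to the backend, not what it sends, so a "burst" line is a prompt to check the support ticket rather than a finding on its own.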
Category: Troubleshoot
Solution Id: 000283881