Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Debug logs checklist for Anti-Malware Solution Platform (AMSP) 1.5

    • Updated:
    • 4 Feb 2015
    • Product/Version:
    • Worry-Free Business Security Standard/Advanced 7.0
    • Platform:
    • Windows 2003 Datacenter Server
    • Windows 2003 Enterprise Server
    • Windows 2003 Home Server
    • Windows 2003 Small Business Server
    • Windows 2003 Standard Server Edition
    • Windows 2003 Storage Server
    • Windows 2003 Web Server Edition
    • Windows 2008 Datacenter Server
    • Windows 2008 Enterprise Server
    • Windows 2008 Essential Business Server
    • Windows 2008 Small Business Server
    • Windows 2008 Standard Server Edition
    • Windows 2008 Storage Server
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
Summary

This article provides a list of the debug logs for AMSP.

Details
Public

Choose a category for the list of debug log files related to AMSP

NameSettingOutput
AMSP Framework
  1. Stop the AMSP service.
  2. Run the AMSP_LogServer.exe file. It will generate the AmspConfig.ini file.
  3. Open AmspConfig.ini and set "DebugLevel" to "1".
  4. Close and restart AMSP_LogServer.exe.
  5. Start the AMSP service.
  6. Reproduce the bug.
  7. Close AMSP_LogServer.exe.
<AMSP install folder> \debug\Amsp_DebugLog.log
InstallationBy default, the AMSP installation library does not generate debug logs.<AMSP install folder>>\debug\Amsp_Event.log
AMSP EventEnabled by default<AMSP install folder>\debug\Amsp_Event.log
NameSettingOutput
iAU
  1. Turn on iAU log
  2. Open the <AMSP installation folder>\update\iau_sdk\iau.cfg file.
  3. Modify log level to "-1" to enable all logs.
<AMSP install folder>\debug\7\>
NameSettingOutput
TmProxy
  1. Enable Debug logs by editing the ..AMSP\AmspLogFilter.ini file as follows:
    											[LogFilter]
    LOG_INFO_TYPE_ENGINE_TMUFE_FR=1
    LOG_INFO_TYPE_ENGINE_TMUFE_UF=1
    LOG_INFO_TYPE_ENGINE_TMPROXY=1
    										
  2. Reload the Security Agent.
  3. Collect debug logs under:
    • tmufe_filepath=C:\Program Files\Trend Micro\AMSP\debug\10005\
    • tmufe_fr_filename=TMUFE_FR.log
    • tmufe_uf_filename=TMUFE_UF.log
    • tmproxy_filepath=C:\Program Files\TrendMicro\AMSP\debug\20004\tmproxy_filename=*
      _NSC_TmProxy.log
  4. Collect AMSP debug logs under: C:\Windows\temp\WFBS_Debug\*.*
<AMSP install folder>\debug\20004
Tmtdi Driver

This is the driver installation log.

Whenever the AMSP network driver Tmtdi is updated or removed, the computer must be restarted.

<AMSP install folder>\tminstall.log
Browser pluginBrowser plug-in installation<AMSP install folder>\tminstall.log
TMSA
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_TMSA_DEBUG_LEVEL (0x03470002/54984706) to "1". (The default value for this is "6").
<AMSP install folder>\debug\10011\tmsa.log
NameSettingOutput
TmPfw
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_FW_DEBUG_LOG_LEVEL (0x00970001/9895937) to "1". (The default value for this is "0".)
<AMSP install folder>\debug\20003
NameSettingOutput
AEGIS
  1. Open the Registry Editor.
     
    Important: Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
  2. Add the registry value. Go to HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
  3. Set the value of "DebugLogFlags" to "50".
  4. Restart the AMSP.
<AMSP install folder>\module\20001\\log\
NameSettingOutput
tscdll32/64.dll.dll
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_DCE_DEBUG_INFO_LEVEL (0x00b70005/11993093) to "5". (The default value for this is "0").
Log path:
<AMSP install folder>\debug\10002\

Report path:
<AMSP install folder>\report
NameSettingOutput
Ssapi32/64.dll
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_SPYWARE_ENGINE_LOGLEVEL (0x00c70000/13041664) to "2". (The default value for this is "1".)
<AMSP install folder>\debug\10001\ssapi.log, ssapi.log.bak
NameSettingOutput
ICRCHdler.dll
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_ICRC_CDTLOG_FLAG (0x0247001C/38207516) to "1".
<AMSP install folder>\icrc.dat
ICRCHdler.dll

Use performance counter:

  • perfiCrcPerfMonMgr.dll
  • perfiCrcPerfMonMgr.ini
  • sym_perfiCrcPerfMonMgr.h
 
NameSettingOutput
tmufeng.dll
  1. Open the system_config.cfg file using the AMSPCryptool.
    Note: Type "novirus" when prompted for password.
  2. Set AMSP_CFG_TMUFE_LOG_ENABLE (0x00d1000a/13697034) to "1". (The default value for this is "0".)
  3. Restart the AMSP.

Note: When TMUFE is unable to query rating servers, check if the proxy settings are correct.

<AMSP install folder>\debug\10005\
NameSettingOutput
tmufeng.dll
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_TMFBE_LOG_ENABLE (0x02510011/38862865) to "1". (The default value for this is "0".)
  3. Restart the AMSP.

Note: By default, the TMFBE sends suspicious executable files to Trend Micro as feedback every 300 seconds (or 10 files).

<AMSP install folder>\debug\10007\
NameSettingOutput
TMLCE32.dll
  1. Open the system_config.cfg file.
  2. Set AMSP_CFG_LCE_DEBUG_LEVEL (0x02510011/38862865) to "1". (The default value for this is "0".)

Note: When AMSP get the malware report or the PEM report and the confidence level is more than 7, it will trigger RCA.

<AMSP install folder>\debug\10009\
TMLES32.dll
  1. Open the system_config.cfg file.
  2. Set (0x02510011/38862865) to "1". (The default value for this is "0".)

Note: When AMSP get the malware report or the PEM report and the confidence level is more than 7, it will trigger RCA.

<AMSP install folder>\debug\10010\
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1056749
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.