Debug logs checklist for Anti-Malware Solution Platform (AMSP) 1.5

1. Stop the AMSP service.
2. Run the AMSP_LogServer.exe file. It will generate the AmspConfig.ini file.
3. Open AmspConfig.ini and set "DebugLevel" to "1".
4. Close and restart AMSP_LogServer.exe.
5. Start the AMSP service.
6. Reproduce the bug.
7. Close AMSP_LogServer.exe.

1. Turn on iAU log
2. Open the <AMSP installation folder>\update\iau_sdk\iau.cfg file.
3. Modify log level to "-1" to enable all logs.

1. Enable Debug logs by editing the ..AMSP\AmspLogFilter.ini file as follows:

   											[LogFilter]
   LOG_INFO_TYPE_ENGINE_TMUFE_FR=1
   LOG_INFO_TYPE_ENGINE_TMUFE_UF=1
   LOG_INFO_TYPE_ENGINE_TMPROXY=1
   										

2. Reload the Security Agent.
3. Collect debug logs under:
   • tmufe_filepath=C:\Program Files\Trend Micro\AMSP\debug\10005\
   • tmufe_fr_filename=TMUFE_FR.log
   • tmufe_uf_filename=TMUFE_UF.log
   • tmproxy_filepath=C:\Program Files\TrendMicro\AMSP\debug\20004\tmproxy_filename=*
     _NSC_TmProxy.log
4. Collect AMSP debug logs under: C:\Windows\temp\WFBS_Debug\*.*

This is the driver installation log.

Whenever the AMSP network driver Tmtdi is updated or removed, the computer must be restarted.

1. Open the system_config.cfg file.
2. Set AMSP_CFG_TMSA_DEBUG_LEVEL (0x03470002/54984706) to "1". (The default value for this is "6").

1. Open the system_config.cfg file.
2. Set AMSP_CFG_FW_DEBUG_LOG_LEVEL (0x00970001/9895937) to "1". (The default value for this is "0".)

1. Open the Registry Editor.
    

   Important: Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
2. Add the registry value. Go to HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
3. Set the value of "DebugLogFlags" to "50".
4. Restart the AMSP.

1. Open the system_config.cfg file.
2. Set AMSP_CFG_DCE_DEBUG_INFO_LEVEL (0x00b70005/11993093) to "5". (The default value for this is "0").

1. Open the system_config.cfg file.
2. Set AMSP_CFG_SPYWARE_ENGINE_LOGLEVEL (0x00c70000/13041664) to "2". (The default value for this is "1".)

1. Open the system_config.cfg file.
2. Set AMSP_CFG_ICRC_CDTLOG_FLAG (0x0247001C/38207516) to "1".

Use performance counter:

• perfiCrcPerfMonMgr.dll
• perfiCrcPerfMonMgr.ini
• sym_perfiCrcPerfMonMgr.h

1. Open the system_config.cfg file using the AMSPCryptool.
   Note: Type "novirus" when prompted for password.
2. Set AMSP_CFG_TMUFE_LOG_ENABLE (0x00d1000a/13697034) to "1". (The default value for this is "0".)
3. Restart the AMSP.

Note: When TMUFE is unable to query rating servers, check if the proxy settings are correct.

1. Open the system_config.cfg file.
2. Set AMSP_CFG_TMFBE_LOG_ENABLE (0x02510011/38862865) to "1". (The default value for this is "0".)
3. Restart the AMSP.

Note: By default, the TMFBE sends suspicious executable files to Trend Micro as feedback every 300 seconds (or 10 files).

1. Open the system_config.cfg file.
2. Set AMSP_CFG_LCE_DEBUG_LEVEL (0x02510011/38862865) to "1". (The default value for this is "0".)

Note: When AMSP get the malware report or the PEM report and the confidence level is more than 7, it will trigger RCA.

1. Open the system_config.cfg file.
2. Set (0x02510011/38862865) to "1". (The default value for this is "0".)

Note: When AMSP get the malware report or the PEM report and the confidence level is more than 7, it will trigger RCA.