For further analysis of an issue, it is useful to gather log file information on the Thin Agent, or vsepflt.sys, installed with VMware Tools on Windows OS.
vShield Endpoint thin agent logging is done inside the protected virtual machines. The following registry entries are read at boot time from the Windows Registry, and are polled periodically:
The registry keys are found in the following locations:
- In vShield 1.0 x86 and x64: HKLM\System\CurrentControlSet\Services\VFileScsiFilter\Parameters\
- In vShield 5.x x86 and x64: HKLM\System\CurrentControlSet\Services\vsepflt\Parameters\
Both registry keys are DWORD bit masks that can be a combination of the following values: