Enable AMSP debug logs to gather more information when troubleshooting issues related to the Anti-malware feature of the Deep Security Agent.
Collecting the Deep Security Agent (DSA) Anti-Malware (AM) logs
DSA 9.5 and higher versions write their log information to disk automatically. All of the tracing and error/warning/information messages go to a disk file named ds_agent.log. This disk file gets rotated automatically and is included in an agent diagnostic package.
The trace settings can be changed on-the-fly via a protocol command. The sendCommand utility can be used to send the trace command to the agent with an argument format of:
trace+=<settings to add>
trace-=<settings to remove>
To configure the trace settings, go to C:\Program Files\Trend Micro\Deep Security Agent and execute the command that corresponds to the action you want to do.
- To check the current trace settings:
sendCommand --get Trace
- To enable AM debug:
sendCommand --get Trace trace+=AM,AMSP,dsp.am.*
- To get a complete debug logs including other modules:
sendCommand --get Trace trace+=*
- To disable AM debug:
sendCommand --get Trace trace-=AM,AMSP,dsp.am.*
The log files are kept in the diag subdirectory under the agent's main data folder location:
For Vista+: C:\ProgramData\Trend Micro\Deep Security Agent
For Windows older version: C:\Documents and Settings\All Users\Application Data\Trend Micro\Deep Security Agent
Collecting the Anti-Malware Solution Platform (AMSP) local mode debug logs
- Disable the self-protection and stop the AMSP service.
- Go to the AMSP installation folder. By default, it is located under C:\Program Files\Trend Micro\AMSP.
- Open the AmspConfig.ini file with an administrative permission.
- Set the following parameters and save the changes:
Where the values of DebugLogMode are as follow:
0 - Local mode
1 - Remote pipe mode
- Start the AMSP service.
- Open the AMSP installation folder\debug\ folder and make sure the Amsp_LocalDebugLog.log file exists.
- Create diagnostic package to collect logs.
To enable debug log for Linux Anti-Malware module, see this article: Increase debug logging for anti-malware in protected Linux instances.