Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling Anti-Malware Solution Platform (AMSP) debug logs on Deep Security Agent (DSA)

    • Updated:
    • 23 Aug 2017
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Windows 2003 Server R2
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Standard R2
    • Windows 8.1 32-bit
    • Windows 8.1 64-bit
Summary

Enable AMSP debug logs to gather more information when troubleshooting issues related to the Anti-malware feature of the Deep Security Agent.

Details
Public

Collecting the Deep Security Agent (DSA) Anti-Malware (AM) logs

DSA 9.5 and higher versions write their log information to disk automatically. All of the tracing and error/warning/information messages go to a disk file named ds_agent.log. This disk file gets rotated automatically and is included in an agent diagnostic package.

The trace settings can be changed on-the-fly via a protocol command. The sendCommand utility can be used to send the trace command to the agent with an argument format of:

trace=<new settings>
trace+=<settings to add>
trace-=<settings to remove>

To configure the trace settings, go to C:\Program Files\Trend Micro\Deep Security Agent and execute the command that corresponds to the action you want to do.

  • To check the current trace settings:

    sendCommand --get Trace

  • To enable AM debug:

    sendCommand --get Trace trace+=AM,AMSP,dsp.am.*

  • To get a complete debug logs including other modules:

    sendCommand --get Trace trace+=*

  • To disable AM debug:

    sendCommand --get Trace trace-=AM,AMSP,dsp.am.*

The log files are kept in the diag subdirectory under the agent's main data folder location:

For Vista+: C:\ProgramData\Trend Micro\Deep Security Agent
For Windows older version: C:\Documents and Settings\All Users\Application Data\Trend Micro\Deep Security Agent

Collecting the Anti-Malware Solution Platform (AMSP) debug logs

  1. Disable the self-protection and stop the AMSP service.
  2. Go to the AMSP installation folder. By default, it is located under C:\Program Files\Trend Micro\AMSP.
  3. Open the AmspConfig.ini file with an administrative permission.
  4. Set the following parameters and save the changes:

    DebugLogAMSPServiceStart=1
    DebugLogMode=0

    Where the values of DebugLogMode are as follow:

    0 - Local mode
    1 - Remote pipe mode

  5. Start the AMSP service.
  6. Open the AMSP installation folder\debug\ folder and make sure the Amsp_LocalDebugLog.log file exists.
  7. Create diagnostic package to collect logs.
 
Enabling the Local Mode may cause performance impact, so make sure to recover the previous log setting after collecting the AMSP logs.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1105491
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles