Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling Anti-Malware Solution Platform (AMSP) debug logs on Deep Security Agent (DSA)

    • Updated:
    • 1 Oct 2019
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 11.0
    • Deep Security 12.0
    • Platform:
    • Windows -
Summary

Enable AMSP debug logs to gather more information when troubleshooting issues related to the Anti-malware feature of the Deep Security Agent.

Details
Public

Collecting the Deep Security Agent (DSA) Anti-Malware (AM) logs

DSA 9.5 and higher versions write their log information to disk automatically. All of the tracing and error/warning/information messages go to a disk file named ds_agent.log. This disk file gets rotated automatically and is included in an agent diagnostic package.

The trace settings can be changed on-the-fly via a protocol command. The sendCommand utility can be used to send the trace command to the agent with an argument format of:

trace=<new settings>
trace+=<settings to add>
trace-=<settings to remove>

To configure the trace settings, go to C:\Program Files\Trend Micro\Deep Security Agent and execute the command that corresponds to the action you want to do.

  • To check the current trace settings:

    sendCommand --get Trace

  • To enable AM debug:

    sendCommand --get Trace trace+=AM,AMSP,dsp.am.*

  • To get a complete debug logs including other modules:

    sendCommand --get Trace trace+=*

  • To disable AM debug:

    sendCommand --get Trace trace-=AM,AMSP,dsp.am.*

The log files are kept in the diag subdirectory under the agent's main data folder location:

For Vista+: C:\ProgramData\Trend Micro\Deep Security Agent
For Windows older version: C:\Documents and Settings\All Users\Application Data\Trend Micro\Deep Security Agent

Collecting the Anti-Malware Solution Platform (AMSP) local mode debug logs

 
In Deep Security 12.0 or later, AMSP adopts local mode debug log by default. The log can be enabled and disabled using the commands above. The following manual steps for AmspConfig.ini are not required in Deep Security 12.0 and above.
  1. Disable the self-protection and stop the AMSP service.
  2. Go to the AMSP installation folder. By default, it is located under C:\Program Files\Trend Micro\AMSP.
  3. Open the AmspConfig.ini file with an administrative permission.
  4. Set the following parameters and save the changes:

    DebugLogAMSPServiceStart=1
    DebugLogMode=0

    Where the values of DebugLogMode are as follow:

    0 - Local mode
    1 - Remote pipe mode

  5. Start the AMSP service.
  6. Open the AMSP installation folder\debug\ folder and make sure the Amsp_LocalDebugLog.log file exists.
  7. Create diagnostic package to collect logs.
 
Enabling the Local Mode may cause performance impact, so make sure to recover the previous log setting after collecting the AMSP logs. For Deep Security 12.0 and higher version, users can run the commands above to directly disable the AMSP log.

To enable debug log for Linux Anti-Malware module, see this article: Increase debug logging for anti-malware in protected Linux instances.

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1105491
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles