To disable CDT:
- Open Task Manager and kill logserver.exe and CaseDiagnosticTool.exe if they are running.
- Delete the CDT subfolder if it exists.
- Unload the OSCE agent.
- For each module:
- Disable general information (Ofcdebug.log):
Do a keyword search for the following and delete all instances:
- ofcdebug.ini
- ofcdebug.log
- logserver.exe
- Disable Virus Scan log (tmfilter.log):
- Open the registry editor and look for the following key:
HKLM\SYSTEM\CurrentControlSet\Services\TMFilter\Parameters\DebugLogFlags
- Double-click the debuglogflags key and change its value to "0".
If the value is set to "3eff", it is debugging. If the value is "0", it is not.
- Save and close the registry.
- Open the registry editor and look for the following key:
- Disable Damage Clean log (TSCDebug.log):
- Open\tsc.ini.
- Modify "DebugInfoLevel=5" to "DebugInfoLevel=".
- Disable Firewall logs:
- Open the registry editor and delete following keys:
HKLM\SYSTEM\CurrentControlSet\Services\tmwfp\Parameters\DebugCtrl
HKLM\SYSTEM\CurrentControlSet\Services\tmlwf\Parameters\DebugCtrl - Open <Agent installation folder>\TmPfw.ini and set the following parameters to "0":
[InteractiveSession]
Enable=0
[ServiceSession]
Enable=0
- Open the registry editor and delete following keys:
- Disable Spyware Scan log (SSAPI.log):
- Open the registry editor and look for following keys:
HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\EnableSSAPILog
HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\EnableSSAPILog - Double-click the EnableSSAPILog key and change its value to "0".
- Open the registry editor and look for following keys:
- Disable Web Reputation log (OfcUrlf.log):
- For an agent on WinXP, Vista, Server 2003 and 2008, open\TmProxy.ini and set the following parameters to "0":
[InteractiveSession]
Enable=0
[ServiceSession]
Enable=0 - For other platforms, open\TmOspery.ini and set the following parameters to "0":
[InteractiveSession]
Enable=0
[ServiceSession]
Enable=0
- For an agent on WinXP, Vista, Server 2003 and 2008, open\TmProxy.ini and set the following parameters to "0":
- Disable Behavior Monitoring logs:
Delete the following keys in the registry editor:
HKLM\SOFTWARE\TrendMicro\Aegis\DebugLogFlags
HKLM\SOFTWARE\Wow6432Node\TrendMicro\AEGIS\DebugLogFlags - Disable DLP log:
- Open the registry editor and delete following keys:
HKLM\Software\Trend Micro\PC-cillinNTCorp\DlpLite\debugcfg
HKLM\Wow6432Node\Software\Trend Micro\PC-cillinNTCorp\DlpLite\debugcfg - Open the C:\ drive and delete the cdt_Dlplogger.cfg file.
- Open the registry editor and delete following keys:
- Disable Predictive Machine Leaning log:
Delete the following key in the registry editor:
HKLM\SOFTWARE\TrendMicro\Falcon
- iES:
- Server:
- Edit <install path>\iServiceSrv\iES\log4net.config.
- Set level value to error: <level value="ERROR" />.
- Change the registry HKLM\Software\TrendMicro\iES\EnableESLog to "0".
- Restart service: TrendMicroEndpointSensorService.
- Agent:
- Verify if process ESE_LogServer.exe is no longer running.
- Server:
- iVP:
- Server:
- Open config file <OfficeScan>\iServiceSrv\iVP\logging\logging.properties.
- Remove the following lines:
com.trendmicro.ivp.core.thread.CommandHandlerThread.level=ALL
com.trendmicro.ivp.core.command.osf.OSFOnNotifyCommand.level=ALL
com.trendmicro.ivp.core.command.UpdateClientSettingsCommand.level=ALL
com.trendmicro.ivp.core.command.NotifyResultCommand.level=ALL
com.trendmicro.ivp.core.command.HeartBeatCommand.level=ALL
com.trendmicro.ivp.core.util.SecurityConfigurationUtilities.level=ALL
com.trendmicro.ivp.integration.osce.osf.webservice.level=ALL
com.trendmicro.ivp.core.command.osf.OSFOnLogCommand.level=ALL
com.trendmicro.ivp.integration.osce.osf.webservice.object.OSFWebRequest.level=ALL
com.trendmicro.ivp.core.command.osf.OSFOnCommandCommand.level=ALL
- Agent:
- Edit vp_agent.ini located in C:\Program Files (x86)\Trend Micro\iService\iVP\config\ folder, and update: DebugLevel=1.
- Server:
- Disable general information (Ofcdebug.log):