Kaspersky Next XDR Expert

Remote diagnostics of client devices

You can use remote diagnostics for remote execution of the following operations on Windows-based and Linux-based client devices:

  • Enabling and disabling tracing, changing the tracing level, and downloading the trace file
  • Downloading system information and application settings
  • Downloading event logs
  • Generating a dump file for an application
  • Starting diagnostics and downloading diagnostics reports
  • Starting, stopping, and restarting applications

You can use event logs and diagnostics reports downloaded from a client device to troubleshoot problems on your own. Also, if you contact Kaspersky Technical Support, a Technical Support specialist might ask you to download trace files, dump files, event logs, and diagnostics reports from a client device for further analysis at Kaspersky.

In this section

Opening the remote diagnostics window

Enabling and disabling tracing for applications

Downloading trace files of an application

Deleting trace files

Downloading application settings

Downloading system information from a client device

Downloading event logs

Starting, stopping, restarting the application

Running the remote diagnostics of Kaspersky Security Center Network Agent and downloading the results

Running an application on a client device

Generating a dump file for an application

Running remote diagnostics on a Linux-based client device


Opening the remote diagnostics window

To perform remote diagnostics on Windows-based and Linux-based client devices, you first have to open the remote diagnostics window.

To open the remote diagnostics window:

  1. To select the device for which you want to open the remote diagnostics window, perform one of the following:
    • If the device belongs to an administration group, in the main menu, go to Assets (Devices) → Managed devices.
    • If the device belongs to the Unassigned devices group, in the main menu, go to Discovery & deployment → Unassigned devices.
  2. Click the name of the required device.
  3. In the device properties window that opens, select the Advanced tab.
  4. In the window that opens, click Remote diagnostics.

    This opens the Remote diagnostics window of a client device. If the connection between Administration Server and the client device is not established, an error message is displayed.

Alternatively, if you need to obtain all diagnostic information about a Linux-based client device at once, you can run the collect.sh script on this device.


Enabling and disabling tracing for applications


You can enable and disable tracing for applications, including Xperf tracing.

Enabling and disabling tracing

To enable or disable tracing on a remote device:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Kaspersky applications tab.

    In the Application management section, the list of Kaspersky applications installed on the device displays.

  3. In the list of applications, select the application for which you want to enable or disable tracing.

    The list of remote diagnostics options opens.

  4. If you want to enable tracing:
    1. In the Tracing section, click Enable tracing.
    2. In the Modify tracing level window that opens, we recommend that you keep the default values of the settings. When required, a Technical Support specialist will guide you through the configuration process. The following settings are available:
      • Tracing level

        The tracing level defines the amount of detail that the trace file contains.

      • Rotation-based tracing

        The application overwrites the tracing information to prevent excessive increase in the size of the trace file. Specify the maximum number of files to be used to store the tracing information, and the maximum size of each file. If the maximum number of trace files of the maximum size are written, the oldest trace file is deleted so that a new trace file can be written.

        This setting is available for Kaspersky Endpoint Security only.

    3. Click Save.

    The tracing is enabled for the selected application. In some cases, the security application and its task must be restarted in order to enable tracing.

    On Linux-based client devices, tracing for the Updater of Network Agent component is regulated by the Network Agent settings. Therefore, the Enable tracing and Modify tracing level options are disabled for this component on client devices running Linux.

  5. If you want to disable tracing for the selected application, click the Disable tracing button.

    The tracing is disabled for the selected application.

Enabling Xperf tracing

For Kaspersky Endpoint Security, a Technical Support specialist may ask you to enable Xperf tracing for information about the system performance.

To enable and configure Xperf tracing or disable it:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Kaspersky applications tab.

    In the Application management section, the list of Kaspersky applications installed on the device displays.

  3. In the list of applications, select Kaspersky Endpoint Security for Windows.

    The list of remote diagnostics options for Kaspersky Endpoint Security for Windows displays.

  4. In the Xperf tracing section, click Enable Xperf tracing.

    If Xperf tracing is already enabled, the Disable Xperf tracing button is displayed instead. Click this button if you want to disable Xperf tracing for Kaspersky Endpoint Security for Windows.

  5. In the Change Xperf tracing level window that opens, depending on the request from the Technical Support specialist, do the following:
    1. Select one of the following tracing levels:
      • Light level

        A trace file of this type contains the minimum amount of information about the system.

        By default, this option is selected.

      • Deep level

        A trace file of this type contains more detailed information than trace files of the Light type and may be requested by Technical Support specialists when a trace file of the Light type is not enough for the performance evaluation. A Deep trace file contains technical information about the system including information about hardware, operating system, list of started and finished processes and applications, events used for performance evaluation, and events from Windows System Assessment Tool.

    2. Select one of the following Xperf tracing types:
      • Basic type

        The tracing information is received during operation of the Kaspersky Endpoint Security application.

        By default, this option is selected.

      • On-restart type

        The tracing information is received when the operating system starts on the managed device. This tracing type is effective when the issue that affects the system performance occurs after the device is turned on and before Kaspersky Endpoint Security starts.

      You may also be asked to enable the Rotation file size, in MB option to prevent excessive increase in the size of the trace file. Then specify the maximum size of the trace file. When the file reaches the maximum size, the oldest tracing information is overwritten with new information.

    3. Define the rotation file size.
    4. Click Save.

    Xperf tracing is enabled and configured.

  6. If you want to disable Xperf tracing for Kaspersky Endpoint Security for Windows, click Disable Xperf tracing in the Xperf tracing section.

    Xperf tracing is disabled.


Downloading trace files of an application

To download a trace file of an application:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Kaspersky applications tab.

    In the Application management section, the list of Kaspersky applications installed on the device displays.

  3. In the list of applications, select the application for which you want to download a trace file.
  4. In the Tracing section, click the Trace files button.

    This opens the Device tracing logs window, where a list of trace files is displayed.

  5. In the list of trace files, select the file that you want to download.
  6. Do one of the following:
    • Download the selected file by clicking Download. You can select one or several files for downloading.
    • Download a portion of the selected file:
      1. Click Download a portion.

        You cannot download portions of several files at the same time. If you select more than one trace file, the Download a portion button will be disabled.

      2. In the window that opens, specify the name and the file portion to download, according to your needs.

        For Linux-based devices, editing the file portion name is not available.

      3. Click Download.

The selected file, or its portion, is downloaded to the location that you specify.


Deleting trace files

You can delete trace files that are no longer needed.

To delete a trace file:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window that opens, select the Event logs tab.
  3. In the Trace files section, click Windows Update logs or Remote installation logs, depending on which trace files you want to delete.

    The Windows Update logs link is available only for Windows-based client devices.

    This opens the Device tracing logs window, where a list of trace files is displayed.

  4. In the list of trace files, select one or several files that you want to delete.
  5. Click the Remove button.

The selected trace files are deleted.


Downloading application settings

To download application settings from a client device:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Kaspersky applications tab.
  3. In the Application settings section, click the Download button to download information about the settings of the applications installed on the client device.

The ZIP archive with information is downloaded to the specified location.


Downloading system information from a client device

To download system information from a client device:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the System information tab.
  3. Click the Download button to download the system information about the client device.

    If you obtain system information about a Linux-based device, a dump file for emergency terminated applications is added to the resulting file.

The file with information is downloaded to the specified location.


Downloading event logs

To download an event log from a remote device:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, on the Event logs tab, click All device logs.
  3. In the All device logs window, select one or several relevant logs.
  4. Do one of the following:
    • Download the selected log by clicking Download entire file.
    • Download a portion of the selected log:
      1. Click Download a portion.

        You cannot download portions of several logs at the same time. If you select more than one event log, the Download a portion button will be disabled.

      2. In the window that opens, specify the name and the log portion to download, according to your needs.

        For Linux-based devices, editing the log portion name is not available.

      3. Click Download.

The selected event log, or a portion of it, is downloaded to the specified location.


Starting, stopping, restarting the application

You can start, stop, and restart applications on a client device.

To start, stop, or restart an application:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Kaspersky applications tab.

    In the Application management section, the list of Kaspersky applications installed on the device displays.

  3. In the list of applications, select the application that you want to start, stop, or restart.
  4. Select an action by clicking one of the following buttons:
    • Stop application

      This button is available only if the application is currently running.

    • Restart application

      This button is available only if the application is currently running.

    • Start application

      This button is available only if the application is not currently running.

    Depending on the action that you have selected, the required application is started, stopped, or restarted on the client device.

If you restart the Network Agent, a message is displayed stating that the current connection of the device to the Administration Server will be lost.


Running the remote diagnostics of Kaspersky Security Center Network Agent and downloading the results

To start diagnostics for Kaspersky Security Center Network Agent on a remote device and download the results:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Kaspersky applications tab.

    In the Application management section, the list of Kaspersky applications installed on the device displays.

  3. In the list of applications, select Kaspersky Security Center Network Agent.

    The list of remote diagnostics options opens.

  4. In the Diagnostics report section, click the Run diagnostics button.

    This starts the remote diagnostics process and generates a diagnostics report. When the diagnostics process is complete, the Download diagnostics report button becomes available.

  5. Click the Download diagnostics report button to download the report.

The report is downloaded to the specified location.


Running an application on a client device

You may have to run an application on the client device, if a Kaspersky support specialist requests it. You do not have to install the application on that device.

To run an application on the client device:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Running a remote application tab.
  3. In the Application files section, click the Browse button to select a ZIP archive containing the application that you want to run on the client device.

    The ZIP archive must include the utility folder. This folder contains the executable file to be run on a remote device.

    You can specify the executable file name and the command-line arguments, if necessary. To do this, fill in the Executable file in an archive to be run on a remote device and Command-line arguments fields.

  4. Click the Upload and run button to run the specified application on a client device.
  5. Follow the instructions of the Kaspersky support specialist.

Generating a dump file for an application

An application dump file allows you to view the parameters of the application running on a client device at a point in time. This file also contains information about modules that were loaded for an application.

Obtaining dump files from Linux-based devices is not supported.

To obtain dump files through remote diagnostics, the kldumper utility is used. This utility is designed to obtain the dump files of processes of Kaspersky applications at the request of technical support specialists. Detailed information on the requirements for using the kldumper utility is provided in the Open Single Management Platform Knowledge Base.

To create a dump file for an application:

  1. Open the remote diagnostics window of a client device.
  2. In the remote diagnostics window, select the Running a remote application tab.
  3. In the Generating the process dump file section, specify the executable file of the application for which you want to generate a dump file.
  4. Click the Download dump file button.

    An archive with the dump file for the specified application is downloaded.

    If the specified application is not running on the client device, the "result" folder contained in the downloaded archive will be empty.

    If the specified application is running, but the downloading fails with an error or the "result" folder contained in the downloaded archive is empty, refer to the Open Single Management Platform Knowledge Base.


Running remote diagnostics on a Linux-based client device

Open Single Management Platform allows you to download the basic diagnostic information from a client device. Alternatively, you can obtain the diagnostic information about a Linux-based device by using the collect.sh script by Kaspersky. This script is run on the Linux-based client device that needs to be diagnosed, and then it generates a file with the diagnostic information, the system information about this device, trace files of applications, device logs, and a dump file for emergency-terminated applications.

We recommend that you use the collect.sh script to obtain all diagnostic information about the Linux-based client device at once. If you download the diagnostic information remotely through Open Single Management Platform, you will need to go through all sections of the remote diagnostics interface. Also, the diagnostic information for a Linux-based device will probably be incomplete.

If you need to send the generated file with the diagnostic information to Kaspersky Technical Support, delete all confidential information before sending the file.

To download the diagnostic information from a Linux-based client device by using the collect.sh script:

  1. Download the collect.sh script packed in the collect.tar.gz archive.
  2. Copy the downloaded archive to the Linux-based client device that needs to be diagnosed.
  3. Run the following command to unpack the collect.tar.gz archive:

    # tar -xzf collect.tar.gz

  4. Run the following command to grant execute permission on the script:

    # chmod +x collect.sh

  5. Run the collect.sh script by using an account with administrator rights:

    # ./collect.sh

A file with the diagnostic information is generated and saved as /tmp/$HOST_NAME-collect.tar.gz.
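
One way to act on the advice above about deleting confidential information before sending the file, as an added example that is not part of Kaspersky's documentation or of the collect.sh script: the function unpacks the generated archive into a private temporary directory and lists the files that contain likely secrets, so that you know what to review. The function name scan_diag_archive and the pattern list are assumptions; extend the patterns for your environment.

```shell
#!/bin/sh
# Added example (not Kaspersky code): pre-send review of the archive that
# collect.sh generates. SECRET_RE is an assumed starting list of patterns.

# Strings that often mark confidential data in logs and settings dumps.
SECRET_RE='(password|passwd|secret|token|api[_-]?key)[[:space:]]*[=:]|BEGIN [A-Z ]*PRIVATE KEY'

# scan_diag_archive ARCHIVE
# Unpacks ARCHIVE into a private temporary directory and prints one line per
# file that matches SECRET_RE, with paths relative to the archive root.
# Returns 0 if nothing matched, 1 if files need review, 2 on error.
scan_diag_archive() {
    archive=$1
    [ -f "$archive" ] || { echo "not a file: $archive" >&2; return 2; }

    # mktemp -d creates the directory with mode 0700, so other local users
    # cannot read the unpacked logs while they are being inspected.
    workdir=$(mktemp -d) || return 2
    if ! tar -xzf "$archive" -C "$workdir" 2>/dev/null; then
        rm -rf "$workdir"
        return 2
    fi

    # -r recurse, -l print file names only, -i ignore case, -E extended regex
    hits=$(cd "$workdir" && grep -rliE "$SECRET_RE" . 2>/dev/null | sed 's|^\./||' | sort)
    rm -rf "$workdir"

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# When a path is given on the command line, scan that archive.
if [ "$#" -gt 0 ]; then
    scan_diag_archive "$1"
fi
```

A non-empty result only tells you where to look: redact or remove the listed files, repack the archive, and scan it again before sending it.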
