Remote diagnostics of client devices

You can use remote diagnostics for remote execution of the following operations on Windows-based and Linux-based client devices:

• Enabling and disabling tracing, changing the tracing level, and downloading the trace file
• Downloading system information and application settings
• Downloading event logs
• Generating a dump file for an application
• Starting diagnostics and downloading diagnostics reports
• Starting, stopping, and restarting applications

You can use event logs and diagnostics reports downloaded from a client device to troubleshoot problems on your own. Also, if you contact Kaspersky Technical Support, a Technical Support specialist might ask you to download trace files, dump files, event logs, and diagnostics reports from a client device for further analysis at Kaspersky.

Opening the remote diagnostics window

To perform remote diagnostics on Windows-based and Linux-based client devices, you first have to open the remote diagnostics window.

To open the remote diagnostics window:

1. To select the device for which you want to open the remote diagnostics window, perform one of the following:
   • If the device belongs to an administration group, in the main menu, go to Assets (Devices) → Groups → <group name> → Managed devices.
   • If the device belongs to the Unassigned devices group, in the main menu, go to Discovery & deployment → Unassigned devices.
2. Click the name of the required device.
3. In the device properties window that opens, select the Advanced tab.
4. In the window that opens, click Remote diagnostics.

   This opens the Remote diagnostics window of a client device. If connection between Administration Server and the client device is not established, the error message is displayed.

Alternatively, if you need to obtain all diagnostic information about a Linux-based client device at once, you can run the collect.sh script on this device.

Enabling and disabling tracing for applications

Expand all | Collapse all

You can enable and disable tracing for applications, including Xperf tracing.

Enabling and disabling tracing

To enable or disable tracing on a remote device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Kaspersky applications tab.

   In the Application management section, the list of Kaspersky applications installed on the device displays.

3. In the application list, select the application for which you want to enable or disable tracing.

   The list of remote diagnostics options opens.

4. If you want to enable tracing:
   1. In the Tracing section, click Enable tracing.
   2. In the Modify tracing level window that opens, we recommend that you keep the default values of the settings. When required, a Technical Support specialist will guide you through the configuration process. The following settings are available:
      • Tracing level

        The tracing level defines the amount of detail that the trace file contains.

      • Rotation-based tracing

        The application overwrites the tracing information to prevent excessive increase in the size of the trace file. Specify the maximum number of files to be used to store the tracing information, and the maximum size of each file. If the maximum number of trace files of the maximum size are written, the oldest trace file is deleted so that a new trace file can be written.

        This setting is available for Kaspersky Endpoint Security only.

   3. Click Save.

   The tracing is enabled for the selected application. In some cases, the security application and its task must be restarted in order to enable tracing.

   On Linux-based client devices, tracing for the Updater of Kaspersky Security Agent component is regulated by the Network Agent settings. Therefore, the Enable tracing and Modify tracing level options are disabled for this component on client devices running Linux.

5. If you want to disable tracing for the selected application, click Disable tracing.

   The tracing is disabled for the selected application.

Enabling Xperf tracing

For Kaspersky Endpoint Security, a Technical Support specialist may ask you to enable Xperf tracing for information about the system performance.

To enable and configure Xperf tracing or disable it:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Kaspersky applications tab.

   In the Application management section, the list of Kaspersky applications installed on the device displays.

3. In the list of applications, select Kaspersky Endpoint Security for Windows.

   The list of remote diagnostics options for Kaspersky Endpoint Security for Windows displays.

4. In the Xperf tracing section, click Enable Xperf tracing.

   If Xperf tracing is already enabled, the Disable Xperf tracing button is displayed instead. Click this button if you want to disable Xperf tracing for Kaspersky Endpoint Security for Windows.

5. In the Change Xperf tracing level window that opens, depending on the request from the Technical Support specialist, do the following:
   1. Select one of the following tracing levels:
      • Light level

        A trace file of this type contains the minimum amount of information about the system.

        By default, this option is selected.

      • Deep level

        A trace file of this type contains more detailed information than trace files of the Light type and may be requested by Technical Support specialists when a trace file of the Light type is not enough for the performance evaluation. A Deep trace file contains technical information about the system including information about hardware, operating system, list of started and finished processes and applications, events used for performance evaluation, and events from Windows System Assessment Tool.

   2. Select one of the following Xperf tracing types:
      • Basic type

        The tracing information is received during operation of the Kaspersky Endpoint Security application.

        By default, this option is selected.

      • On-restart type

        The tracing information is received when the operating system starts on the managed device. This tracing type is effective when the issue that affects the system performance occurs after the device is turned on and before Kaspersky Endpoint Security starts.

      You may also be asked to enable the Rotation file size, in MB option to prevent excessive increase in the size of the trace file. Then specify the maximum size of the trace file. When the file reaches the maximum size, the oldest tracing information is overwritten with new information.

   3. Define the rotation file size.
   4. Click Save.

   Xperf tracing is enabled and configured.

6. If you want to disable Xperf tracing for Kaspersky Endpoint Security for Windows, click Disable Xperf tracing in the Xperf tracing section.

   Xperf tracing is disabled.

Downloading trace files of an application

You can download trace files from a client device only if one of the following conditions is met: the Do not disconnect from the Administration Server option is enabled in the settings of the device, a push server is in use, or a connection gateway is in use. Otherwise, downloading is not possible.

The maximum total number of devices with the Do not disconnect from the Administration Server option selected is 300.

To download a trace file of an application:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Kaspersky applications tab.

   In the Application management section, the list of Kaspersky applications installed on the device displays.

3. In the list of applications, select the application for which you want to download a trace file.
4. In the Tracing section, click the Trace files button.

   This opens the Device tracing logs window, where a list of trace files is displayed.

5. In the list of trace files, select the file that you want to download.
6. Do one of the following:
   • Download the selected file by clicking the Download. You can select one or several files for downloading.
   • Download a portion of the selected file:
     1. Click Download a portion.

        You cannot download portions of several files at the same time. If you select more than one trace file, the Download a portion button will be disabled.

     2. In the window that opens, specify the name and the file portion to download, according to your needs.

        For Linux-based devices, editing the file portion name is not available.

     3. Click Download.

The selected file, or its portion, is downloaded to the location that you specify.

Deleting trace files

You can delete trace files that are no longer needed.

To delete a trace file:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window that opens, select the Event logs tab.
3. In the Trace files section, click Windows Update logs or Remote installation logs, depending on which trace files you want to delete.

   This opens the Device tracing logs window, where a list of trace files is displayed.

4. In the list of trace files, select one or several files that you want to delete.
5. Click the Remove button.

The selected trace files are deleted.

Downloading application settings

You can download application settings from a client device only if one of the following conditions is met: the Do not disconnect from the Administration Server option is enabled in the settings of the device, a push server is in use, or a connection gateway is in use. Otherwise, downloading is not possible.

The maximum total number of devices with the Do not disconnect from the Administration Server option selected is 300.

To download application settings from a client device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Kaspersky applications tab.
3. In the Application settings section, click the Download button to download information about the settings of the applications installed on the client device.

The ZIP archive with information is downloaded to the specified location.

Downloading system information from a client device

You can download system information to your device from a client device only if one of the following conditions is met: the Do not disconnect from the Administration Server option is enabled in the settings of the device, a push server is in use, or a connection gateway is in use. Otherwise, downloading is not possible.

The maximum total number of devices with the Do not disconnect from the Administration Server option selected is 300.

To download system information from a client device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the System information tab.
3. Click the Download button to download the system information about the client device.

The file with information is downloaded to the specified location.

Downloading event logs

You can download event logs to your device from a client device only if one of the following conditions is met: the Do not disconnect from the Administration Server option is enabled in the settings of the device, a push server is in use, or a connection gateway is in use. Otherwise, downloading is not possible.

The maximum total number of devices with the Do not disconnect from the Administration Server option selected is 300.

To download an event log from a remote device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, on the Event logs tab, click All device logs.
3. In the All device logs window, select one or several relevant logs.
4. Do one of the following:
   • Download the selected log by clicking Download entire file.
   • Download a portion of the selected log:
     1. Click Download a portion.

        You cannot download portions of several logs at the same time. If you select more than one event log, the Download a portion button will be disabled.

     2. In the window that opens, specify the name and the log portion to download, according to your needs.
     3. Click Download.

The selected event log, or a portion of it, is downloaded to the specified location.

Starting, stopping, restarting the application

You can start, stop, and restart applications on a client device.

To start, stop, or restart an application:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Kaspersky applications tab.

   In the Application management section, the list of Kaspersky applications installed on the device displays.

3. In the list of applications, select the application that you want to start, stop, or restart.
4. Select an action by clicking one of the following buttons:
   • Stop application

     This button is available only if the application is currently running.

   • Restart application

     This button is available only if the application is currently running.

   • Start application

     This button is available only if the application is not currently running.

Depending on the action that you have selected, the required application is started, stopped, or restarted on the client device.

If you restart the Network Agent, a message is displayed stating that the current connection of the device to the Administration Server will be lost.

Running the remote diagnostics of an application and downloading the results

To start diagnostics for an application on a remote device and download the results:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Kaspersky applications tab.

   In the Application management section, the list of Kaspersky applications installed on the device displays.

3. In the list of applications, select the application for which you want to run remote diagnostics.

   The list of remote diagnostics options opens.

4. In the Diagnostics report section, click the Run diagnostics button.

   This starts the remote diagnostics process and generates a diagnostics report. When the diagnostics process is complete, the Download diagnostics report button becomes available.

5. Click the Download diagnostics report button to download the report.

The report is downloaded to the specified location.

Running an application on a client device

You may have to run an application on the client device, if a Kaspersky support specialist requests it. You do not have to install the application on that device.

To run an application on the client device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select the Running a remote application tab.
3. In the Running a remote application section, click the Upload button to select a ZIP archive containing the application that you want to run on the client device.

   The ZIP archive must include the utility folder. This folder contains the executable file to be run on a remote device.

   You can specify the executable file name and the command-line arguments, if necessary. To do this, fill in the Executable file in an archive to be run on a remote device and Command line arguments fields.

4. Click the Upload and run button to run the specified application on a client device.
5. Follow the instructions of the Kaspersky support specialist.

Generating a dump file for an application

An application dump file allows you to view parameters of the application running on a client device at a point in time. This file also contains information about modules that were loaded for an application.

Generating dump files is available only for 32-bit processes running on Windows-based client devices. For client devices running Linux and for 64-bit processes this feature is not supported.

To create a dump file for an application:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, select click the Running a remote application tab.
3. In the Generating the process dump file section, specify the executable file of the application for which you want to generate a dump file.
4. Click the Download button to save the dump file for the specified application.

   If the specified application is not running on the client device, the error message will be displayed.