How to collect ETW logs for drivers [Kaspersky Endpoint Security for Windows]
KES 11.5+
Driver tracing is enabled together with KES tracing: once KES tracing is on, the driver trace runs as well. It is stored in C:\ProgramData\Kaspersky Lab\KES\Traces under a name like KES.%version%_MM.DD_HH.mm_PID.drivers.etl.
As with KES tracing, it is recommended to collect the driver trace from driver startup, unless that interferes with reproducing the issue or a specific issue explicitly requires otherwise. So after enabling KES tracing it is enough to reboot the PC: driver logging then runs from system boot, and KES logging from service start. It is also recommended to collect the logs of all drivers at once, even though instructions for starting them separately for a specific driver are given below. It is still mandatory to identify the problematic driver before collecting diagnostics, unless that is impossible for some reason.
Batch scripts to collect all driver logs at once
On demand
- Download attached archive and extract it into desired folder.
- Run an elevated CMD (as administrator; otherwise you will get an access denied error).
- CD to the folder where the script file drivers_on_demand.cmd resides and run it.
- Driver tracing starts immediately and runs until you press any key in the CMD window, which stops it at once. The driver logs are written to the folder the script was run from.
On demand for long time (split log files)
- Download attached archive and extract it into desired folder.
- Run an elevated CMD (as administrator; otherwise you will get an access denied error).
- CD to the folder where the script file drivers_on_demand_long_time.cmd resides and run it.
- Driver tracing runs until you press any key in the CMD window and stops when you press a key again. The driver logs are written to the folder the script was run from.
On boot
- Download attached archive and extract it into desired folder.
- Run an elevated CMD (as administrator; otherwise you will get an access denied error).
- CD to the folder where the script file enable_drivers_boot.cmd resides and run it. Do not run it more than once, and do not try to run disable_drivers_boot.cmd before the reboot.
- Driver tracing starts after the reboot. To stop the capture, run disable_drivers_boot.cmd, also from an elevated CMD.
Use this .cmd file only when the problem is reproduced during Windows startup. Otherwise, use the on-demand .cmd files.
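The attached archive is not reproduced on this page. The following PowerShell script is an added example, not Kaspersky's drivers_on_demand.cmd, drivers_on_demand_long_time.cmd or enable_drivers_boot.cmd, showing how the three capture modes described above (on demand, on demand with split files, and a boot-time capture that must be enabled once and disabled after the reboot) can be driven with the built-in logman.exe. The KES driver ETW provider GUIDs are not given on this page, so none are hard-coded: they are assumed to be copied from the attached scripts and passed via -Provider. The session name, file names and size cap are arbitrary choices.

```powershell
# Added example (not Kaspersky's scripts): drive an ETW driver trace with logman.exe
# in the three modes the article describes. ASSUMPTION: provider GUIDs are not on
# the page; copy them from the attached .cmd files and pass them with -Provider.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidateSet('OnDemand', 'LongTime', 'BootEnable', 'BootDisable')]
    [string]$Mode,
    # ETW provider GUIDs in the form '{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}' (assumed input)
    [string[]]$Provider = @(),
    [string]$Session = 'DriverTraceExample',      # assumed session name
    [string]$OutDir  = (Get-Location).Path,       # logs land in the current folder
    [int]$MaxMB      = 200                        # per-file cap in split-file mode
)

$ErrorActionPreference = 'Stop'
if ($Mode -ne 'BootDisable' -and $Provider.Count -eq 0) {
    throw 'Supply at least one provider GUID with -Provider; none is hard-coded here.'
}
$stamp = Get-Date -Format 'MM.dd_HH.mm'

# logman takes one -p per provider; keyword mask 0xffffffff and level 0xff = everything.
$provArgs = foreach ($g in $Provider) { '-p', $g, '0xffffffff', '0xff' }

function Assert-LogmanOk([string]$What) {
    if ($LASTEXITCODE -ne 0) {
        throw "logman $What failed with exit code $LASTEXITCODE (is the shell elevated?)"
    }
}

switch ($Mode) {
    'OnDemand' {
        $file = Join-Path $OutDir "drivers_$stamp.etl"
        & logman.exe start $Session @provArgs -o $file -ets | Out-Null
        Assert-LogmanOk 'start'
        # Confirm the session is live before reproducing the issue.
        & logman.exe query $Session -ets | Out-Null
        Assert-LogmanOk 'query'
        Write-Host "Tracing to $file. Reproduce the issue, then press any key to stop."
        [void][Console]::ReadKey($true)
        & logman.exe stop $Session -ets | Out-Null
        Assert-LogmanOk 'stop'
    }
    'LongTime' {
        # newfile mode rolls over to a new file every $MaxMB; %d becomes the file counter.
        $file = Join-Path $OutDir "drivers_${stamp}_%d.etl"
        & logman.exe start $Session @provArgs -o $file -mode newfile -max $MaxMB -ets | Out-Null
        Assert-LogmanOk 'start'
        Write-Host "Tracing to split files in $OutDir. Press any key to stop."
        [void][Console]::ReadKey($true)
        & logman.exe stop $Session -ets | Out-Null
        Assert-LogmanOk 'stop'
    }
    'BootEnable' {
        # autosession\ registers an AutoLogger that starts at the next boot.
        # Refuse to register twice, matching the article's "do not run it more than once".
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\$Session"
        if (Test-Path $key) { throw "AutoLogger $Session is already registered; reboot and run BootDisable first." }
        $file = Join-Path $OutDir "drivers_boot_$stamp.etl"
        & logman.exe create trace "autosession\$Session" @provArgs -o $file | Out-Null
        Assert-LogmanOk 'create'
        Write-Host "AutoLogger registered at $key. Reboot now, reproduce, then run -Mode BootDisable."
    }
    'BootDisable' {
        # Stop the live boot session (if it started) and remove the AutoLogger registration
        # so the trace does not keep running on every subsequent boot.
        & logman.exe stop $Session -ets 2>$null | Out-Null
        & logman.exe delete "autosession\$Session" | Out-Null
        Assert-LogmanOk 'delete'
        Write-Host "AutoLogger $Session removed. Collect the .etl file from $OutDir."
    }
}
```

Run it from an elevated PowerShell, for example `.\driver-trace.ps1 -Mode OnDemand -Provider '{...}'` with the GUIDs taken from the attached scripts. After stopping, `logman query -ets` should no longer list the session; if it does, the stop failed and the .etl is still open.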