How to collect BSS logs [KES for Windows]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

This article is about Kaspersky Endpoint Security for Windows (KES for Windows)

 

These logs are needed only in specific cases, to save time and effort do not collect these logs unless explicitly requested.

Behaviour Stream Signatures or BSS is a major part of System Watcher. Sometimes its logs are required to diagnose the issue.

Step-by-step guide

BSS log collecting is started via bases, so when you activate logging via the avp.com command, it will return an error. This is expected, since the product itself does not actually recognize the command, that is targeted for the bases.

1. Run <path_to_kes_folder>\avp.com trace on /bss
2. Ensure that BSS logs and KES traces are being generated in the %Programdata%\Kaspersky Lab\ folder(%ProgramData%\Kaspersky Lab\KES\Traces for KES 11.5). BSS trace will have .bsse$ extention.
3. Reproduce the issue, specify the timestamps when the issue had reproduced (HH:MM:SS format is mandatory)
4. Run <path_to_kes_folder>\avp.com trace off /bss
5. BSS log will have now .bsse extention.
6. Provide KES tracing, BSS logs and all other files requested.