Remote diagnostics of client devices

You can use remote diagnostics for remote execution of the following operations on client devices:

• Enabling and disabling tracing, changing the tracing level, and downloading the trace file
• Downloading system information and application settings
• Downloading event logs
• Generating a dump file for an application
• Starting diagnostics and downloading diagnostics reports
• Starting, stopping, and restarting applications

You can use event logs and diagnostics reports downloaded from a client device to troubleshoot problems on your own. Also, if you contact Kaspersky Technical Support, a Technical Support specialist might ask you to download trace files, dump files, event logs, and diagnostics reports from a client device for further analysis at Kaspersky.

The remote diagnostics is performed using Administration Server.

Opening the remote diagnostics window

To perform remote diagnostics on a client device, you first have to open the remote diagnostics window.

To open the remote diagnostics window:

1. To select the device for which you want to open the remote diagnostics window, perform one of the following:
   • If the device belongs to an administration group, go to DEVICES → MANAGED DEVICES.
   • If the device belongs to the Unassigned devices group, go to DISCOVERY & DEPLOYMENT → UNASSIGNED DEVICES.
2. Click the name of the required device.
3. In the device properties window that opens, select the Advanced tab.
4. In the window that opens, click Remote diagnostics.

   This opens the Remote diagnostics window of a client device.

Enabling and disabling tracing for applications

Expand all | Collapse all

You can enable and disable tracing for applications, including Xperf tracing.

Enabling and disabling tracing

To enable or disable tracing on a remote device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Kaspersky applications section.

   This opens the list of Kaspersky applications installed on the device.

4. In the application list, select the application for which you want to enable or disable tracing.

   The list of remote diagnostics options is displayed.

5. If you want to enable tracing:
   1. In the Tracing section of the list, click Enable tracing.
   2. In the Modify tracing level window that opens, we recommend that you keep the default values of the settings. When required, a Technical Support specialist will guide you through the configuration process. The following settings are available:
      • Tracing level

        The tracing level defines the amount of detail that the trace file contains.

      • Rotation-based tracing

        The application overwrites the tracing information to prevent excessive increase in the size of the trace file. Specify the maximum number of files to be used to store the tracing information, and the maximum size of each file. If the maximum number of trace files of the maximum size are written, the oldest trace file is deleted so that a new trace file can be written.

        This setting is available for Kaspersky Endpoint Security only.

   3. Click Save.

   The tracing is enabled for the selected application. In some cases, the security application and its task must be restarted in order to enable tracing.

6. If you want to disable tracing for the selected application, click Disable tracing.

   The tracing is disabled for the selected application.

Enabling Xperf tracing

For Kaspersky Endpoint Security, a Technical Support specialist may ask you to enable Xperf tracing for information about the system performance.

To enable and configure Xperf tracing:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Kaspersky applications section.

   This opens the list of Kaspersky applications installed on the device.

4. In the list of applications, select Kaspersky Endpoint Security for Windows.

   The list of remote diagnostics options for Kaspersky Endpoint Security for Windows is displayed.

5. In the Xperf tracing section of the list, click Enable Xperf tracing.

   If Xperf tracing is already enabled, the Disable Xperf tracing button is displayed instead.

6. In the Change Xperf tracing level window that opens, depending on the request from the Technical Support specialist, do the following:
   1. Select one of the following tracing levels:
      • Light level

        A trace file of this type contains the minimum amount of information about the system.

        By default, this option is selected.

      • Deep level

        A trace file of this type contains more detailed information than trace files of the Light type and may be requested by Technical Support specialists when a trace file of the Light type is not enough for the performance evaluation. A Deep trace file contains technical information about the system including information about hardware, operating system, list of started and finished processes and applications, events used for performance evaluation, and events from Windows System Assessment Tool.

   2. Select one of the following Xperf tracing types:
      • Basic type

        The tracing information is received during operation of the Kaspersky Endpoint Security application.

        By default, this option is selected.

      • On-restart type

        The tracing information is received when the operating system starts on the managed device. This tracing type is effective when the issue that affects the system performance occurs after the device is turned on and before Kaspersky Endpoint Security starts.

      You may also be asked to enable the Rotation file size, in MB option to prevent excessive increase in the size of the trace file. Then specify the maximum size of the trace file. When the file reaches the maximum size, the oldest tracing information is overwritten with new information.

   3. Define the rotation file size.
   4. Click Save.

Xperf tracing is enabled and configured.

To disable Xperf tracing:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Kaspersky applications section.

   This opens the list of Kaspersky applications installed on the device.

4. In the list of applications, select Kaspersky Endpoint Security for Windows.

   The tracing options for Kaspersky Endpoint Security for Windows are displayed.

5. In the Xperf tracing section of the list, click Disable Xperf tracing.

   If Xperf tracing is already disabled, then the Enable Xperf tracing button is displayed instead.

Xperf tracing is disabled.

Downloading trace files of an application

To download a trace file of an application:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Kaspersky applications section.

   This opens the list of Kaspersky applications installed on the device.

   In the Tracing section, click the Trace files button.

   This opens the Device tracing logs window, where a list of trace files is displayed.

4. In the list of trace files, select the file that you want.
5. Do one of the following:
   • Download the selected file by clicking the Download entire file.
   • Download a portion of the selected file:
     1. Click Download a portion.
     2. In the window that opens, specify the name and the file portion to download, according to your needs.
     3. Click Download.

The selected file, or its portion, is downloaded to the location that you specify.

Deleting trace files

You can delete trace files that are no longer needed.

To delete a trace file:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window that opens, click Remote diagnostics.
3. In the Statuses and logs window that opens, make sure that the Operating system logs section is selected.
4. In the Trace files section, click the Windows Update logs button or Remote installation logs button, depending on which trace files you want to delete.

   This opens the list of trace files.

5. In the list of trace files, select the file that you want to delete.
6. Click the Remove button.

The selected trace file is deleted.

Downloading application settings

To download application settings from a client device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window that opens, click Remote diagnostics.
3. In the Statuses and logs window that opens, make sure that the Operating system logs is selected in the right pane.
   • In the System Info section, click the Download file button to download the system information about the client device.
   • In the Application settings section, click the Download file button to download information about the settings of the applications installed on the device.

The information is downloaded to the location that you specify as a file.

Downloading event logs

To download an event log from a remote device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Device logs.
3. In the All device logs window, select the relevant log.
4. Do one of the following:
   • Download the selected log by clicking Download entire file.
   • Download a portion of the selected log:
     1. Click Download a portion.
     2. In the window that opens, specify the name and the file portion to download, according to your needs.
     3. Click Download.

The selected event log, or a portion of it, is downloaded to the location that you specify.

Starting, stopping, restarting the application

You can start, stop, and restart applications on a client device.

To start, stop, or restart an application:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Kaspersky applications section.

   This opens the list of Kaspersky applications installed on the device.

4. In the list of applications, select the application that you want to start, stop, or restart.
5. Select an action by clicking one of the following buttons:
   • Stop application

     This button is available only if the application is currently running.

   • Restart application

     This button is available only if the application is currently running.

   • Start application

     This button is available only if the application is not currently running.

Depending on the action that you have selected, the required application is started, stopped, or restarted on the client device.

If you restart the Network Agent, a message is displayed stating that the current connection of the device to the Administration Server will be lost.

Running the remote diagnostics of Kaspersky Security Center Network Agent and downloading the results

To start diagnostics for Kaspersky Security Center Network Agent on a remote device and download the results:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Kaspersky applications section.

   This opens the list of Kaspersky applications installed on the device.

4. In the list of applications, select Kaspersky Security Center Network Agent.

   The list of remote diagnostics options is displayed.

5. In the Diagnostics report section of the list, click the Run diagnostics button.

   This starts the remote diagnostics process and generates a diagnostics report. When the diagnostics process is complete, the Download diagnostics report button becomes available.

6. Download the report by clicking the Download diagnostics report button.

The report is downloaded to the location that you specified.

Running an application on a client device

You may have to run an application on the client device, if a Kaspersky support specialist requests it.

You do not have to install the application on that device.

To run an application on the client device:

1. Open the remote diagnostics window of a client device.
2. In the remote diagnostics window that opens, click Remote diagnostics.
3. In the Statuses and logs window that opens, select the Running a remote application section.
4. In the Running a remote application window, in the Application files section, do one of the following, according to what a Kaspersky specialist asks you to do:
   • Select a ZIP archive containing the application that you want to run on the client device by clicking the Browse button.
   • Specify a command-line application and its arguments, if necessary.
5. Follow the instructions of the specialist.