How to collect diagnostic data using the FDERT utility if you have issues when decrypting a drive
Latest update: February 21, 2023 ID: 15910
This article concerns:
- Kaspersky Endpoint Security 11.10.0 for Windows (version 126.96.36.1999)
- Kaspersky Endpoint Security 11.9.0 for Windows (version 188.8.131.521)
- Kaspersky Endpoint Security 11.8.0 for Windows (version 184.108.40.2064)
- Kaspersky Endpoint Security 11.7.0 for Windows (version 220.127.116.119)
- Kaspersky Endpoint Security 11.6.0 for Windows (version 18.104.22.1684)
You can perform diagnostics only on the device where Kaspersky Endpoint Security for Windows is not installed or is installed without the Full-disk encryption (FDE) component.
To collect diagnostic data when decrypting a drive using the Encrypted Device Restore Utility (FDERT), do the following:
- Start the FDERT Utility on the computer where you try to decrypt a drive. For instructions, see Online Help.
- Click Settings.
- Select the Save Restore Utility event log in folder checkbox, click Browse and select a folder to save the utility event log. Click OK.
To make the search of diagnostic results easier, we recommend specifying an empty folder or the folder where the executable file of the FDERT utility is located.
- Select the drive you want to decrypt from the Select device drop-down list and click Scan.
- When the scanning is complete, click Save diagnostics and save the archive with the diagnostic data.
- Reproduce the issue when decrypting the drive.
- Click Export log and save the utility log.
- Close the FDERT utility.
- Send to Kaspersky technical support the following files:
- The fdert-DD-MM-YYYY.log and fdert_service-DD-MM-YYYY.log files from the folder that you selected at step 3
- The ZIP file with the FDERT diagnostics results
- The CSV file with the FDERT utility log
Wait for the technical support answer and follow the recommendations.
How to collect data using the FDE disk dump tool utility
To collect diagnostic data using the FDE disk dump tool utility, do the following:
- Open Disk Management by using the diskmgmt.msc command. Find the drive with the RAW partition and memorize its number. You will need it at step 6. For details, see the Microsoft support site.
- Take a screenshot of the Disk Management window and highlight the affected drive.
- Create an empty folder on the computer with the affected drive. Copy into this folder the fde_disk_dump_tool.exe file that was sent to you by a Kaspersky technical support engineer.
- Open the command line with administrator’s rights. See this article for instructions.
- By running the cd command, open the folder with the fde_disk_dump_tool.exe utility.
- Start the utility with the command:
Where N is the drive number from step 1. Example: fde_disk_dump_tool.exe \\.\PhysicalDrive0.
- Wait until the utility has finished running.
The log and diagnostic results will be saved in the folder where the utility is located.
Send to Kaspersky technical support all the files generated by the FDE disk dump tool utility and the screenshot taken at step 2.