Tracing the Authentication Agent

The application logs service information about the operation of the Authentication Agent and information about the user's operations with the Authentication Agent in the trace file.

To enable Authentication Agent tracing:

  1. Enable Kaspersky Endpoint Security tracing.
  2. Restart the computer.
  3. As soon as a computer with encrypted hard drives starts, press the F3 button to call up a window for configuring Authentication Agent settings.
  4. After the FDE boot loader starts, select the KES (FDE <version>) boot manager.
  5. In the boot manager menu, go to the Log profile settings.

    Boot manager menu.

    Boot manager menu

  6. Select the tracing level in the log profile settings window:

    Authentication Agent trace levels.

    Authentication Agent trace levels

    • Release. If this option is selected, the application does not log information about Authentication Agent events in the trace file.
    • Debug. If this option is selected, the application logs information about the operation of the Authentication Agent and the user operations performed with the Authentication Agent in the trace file.
    • Debug on display. If this option is selected, the application logs information about the operation of the Authentication Agent and the user operations performed with the Authentication Agent in the trace file, and relays it via the COM port.

      If a computer with encrypted hard drives is connected to another computer via the COM port, Authentication Agent events can be examined from this other computer.

    • Verbose. If this option is selected, the application logs detailed information about the operation of the Authentication Agent and the user operations performed with the Authentication Agent in the trace file.

      The level of detail of entries under this option is higher compared to the level of the Debug option. A high level of detail of entries can slow down the startup of the Authentication Agent and the operating system.

    • Verbose on display. If this option is selected, the application logs detailed information about the operation of the Authentication Agent and the user operations performed with the Authentication Agent in the trace file, and relays it via the COM port.

      The level of detail of entries under this option is higher compared to the level of the Debug on display option. A high level of detail of entries can slow down the startup of the Authentication Agent and the operating system.

    After you select a trace level, the boot manager displays the menu again.

  7. In the boot manager menu, select Boot system.

    The FDE boot loader starts the Authentication Agent.

    Reproduce the problem.

    Data is recorded in the Authentication Agent trace file if there are encrypted hard drives on the computer or during full disk encryption.

  8. To stop the tracing process, return to the Support Tools window and disable tracing.

As a result, Authentication Agent KES.SRV operation trace files are created in the %ProgramData%\Kaspersky Lab\KES.12.11\Traces folder. The Authentication Agent trace file is not sent to Kaspersky, unlike other trace files of the application. If necessary, you can manually send the Authentication Agent trace file to Kaspersky for analysis.

Page top