Answer
Use these instructions when requested by a GFI Technical Support Representative. If you do not have an open case, please first submit a request at www.gfi.com/supportform.Perform the following steps to help us gather the required information and isolate the issue:
Step 1: On the GFI EndPointSecurity Console:- Enable Debug by performing the following steps:
- Stop the GFI EndPointSecurity service.
- Go to the installation folder of GFI EndPointSecurity and open the crmiini.xml file with Notepad.
- Change the Debug value from 0 to 1, and save the file.
- Restart the GFI EndPointSecurity Service.
- Go to Start > Programs > GFI EndPointSecurity and start GFI EndPointSecurityTroubleshooter.
- Go to the installation directory of GFI EndPointSecurity and locate the Zip file named <Year_Month_Day_####_###_ESECSupport>.zip. Place the Zip file in a folder named with the format Year_Month_Day_<GFI-xxxxx-xxx> (For example: 2008_08_16_GFI-12323-6789).
- Save your Application and System event logs as "Windows event log format (EVT)" to the folder create on step 3.
- Open a command prompt as an Administrator and execute the following command gpresult /user <Domain\User> /V>c:\gpresult.txt
For example: gpresult /user mydomain\administrator /V >c:\gpresult.txt
- Copy the gpresult.txt to the folder create on step 3.
- Reproduce the issue and note the exact date/time (to the second, from date and time properties) of the access event to allow for more accurate review of logging.
- gpresult /user < yourdomain\User> /V >c:\gpresult.txt Then, put gpresult.txt in a folder called Agent. With the User that reproduced the issue logged in, run the command:
- Save the System, Application and GFI EndPointSecurity Event logs as "Windows event log format (EVT)", then place them in the Agent folder.
- With the device plugged in, open regedit and export the full list of devices plugged into the computer (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum) and save it to the Agent folder.
- Generate a gfinfo.nfo file by typing msinfo32 /nfo c:\gfinfo.nfo in the Start > Run line, then place gfinfo.nfo in the Agent folder.
- With the device plugged in, open device manager and expand the nodes that show the device. Take a screenshot and add it to the Agent folder.
- Copy the entire EndPointSecurity 6 Agent\DebugLogs directory the to the Agent folder.
- Copy the following files to the Agent folder: <Windows>\EndPointSecurity\*.csv and *.log
- Copy the Agent folder to the Year_Month_Day_<GFI-xxxxx-xxx> folder on the GFI EndPointSecurity Console machine.
- Zip the Year_Month_Day_<GFI-xxxxx-xxx> folder.
- Upload the file to our FTP server:
-
Login to the FTP server (Note: If you see a page with many files and folders, right-click on the page and choose Logon As..., and put in the credentials below).
-
FTP Server details:
- Host: ftp://ftp.gfisoftware.com
- User: gfi
- Pass: gfi911cust
- (If using Internet Explorer use ftp://gfi:gfi911cust@ftp.gfisoftware.com)
-
FTP Server details:
- Copy and paste the file into the page.
- Reply to the case email with the exact filename uploaded. Provide any necessary details that may assist in reviewing the logging.