Where can I find the diagnostic program? - Powered by Kayako Help Desk Software

Technical support

DESLOCK is now ESET ENDPOINT ENCRYPTION

Knowledgebase

(160)ESET Endpoint Encryption Client (163)ESET Endpoint Encryption Server

Knowledgebase

Where can I find the diagnostic program?

Article ID: KB29

email a link to this article

The ESET Endpoint Encryption Diagnostics utility

If you are experiencing any problems with the ESET Endpoint Encryption client software and wish to submit a ticket for the support team to investigate your problem, then it may be that the support team will ask you to provide a diagnostics file which can be generated by running our diagnostics utility.

The utility generates a log of both the software and general system information to aid the support team in analysing your problem.

You can download the Diagnostics utility using this link : ESET Endpoint Encryption Diagnostics utility

Please note you should always run the latest version of the Diagnostics utility. You can check the version and/or hash below. If you are unsure which version you have, just download the file again.

Version	Last Updated	SHA256 Hash
3.4.0.105	13/08/2019	772aa9589e5bcf7b0a30f58d0e8f7f98a8476512f99358668adb1795e199e071

On recent versions of Windows, you can generate a hash using certutil : certutil -hashfile <filename> SHA256

Running the Diagnostics utility

Unless specifically directed to do so by a support team member, you should always run the Diagnostics utility following the instructions below.

You should run the utility whilst logged in to Windows as the user experiencing the problem, and unless advised otherwise, you must not right click and 'Run as administrator'.

The ESET Endpoint Encryption Diagnostics utility gathers information about the software that can not be obtained if you run it in another user context.

The Diagnostics utility needs to gather information as the currently active Windows user

Part way through running, the Diagnostics utility will need to run an elevated, that is Administrative, component to gather information about the machine itself.

If the customers problem is related to Full Disk Encryption, it is almost always necessary to perform this step, as information required can not be gathered without Administrator level access.

If the user has Administrator rights, this will mean accepting the UAC prompt.

If the user does not have Administrator rights, you can enter different user credentials at this point and will be prompted to do so.

If it is not possible to run this component, e.g. because the user can not provide Administrator credentials, other information may need to be requested later by the support team, depending on the nature of the problem.

Clicking 'No' will skip running the Administrative component. If you entered the credentials incorrectly, click 'Yes' and you can try again.

The Administrative component displays its activity window over the top of the User component.

Whilst the Admin Diagnostics is running, it performs a file search over the users data. This search is looking for specific ESET Endpoint Encryption files and encrypted folders, it does not read, catalogue, analyse or store anything about any other files, except where the files are of a '.dat' type. In these instances, the file will be read to determine if it matches our specific header and ignored otherwise.

Once the utility has finished working, a .zip file will be created on the users Desktop with a filename beginning 'eediag_log' followed by the current time and date in UTC format. This file should be submitted to the support team, either via email or ticketting system.

What information does the Diagnostics utility collect?

The Diagnostics utility collects information that helps the Support team diagnose problems that have occurred whilst using the software.

When run fully, it gathers information about the machines configuration, the active users settings, policies and configuration.

Information about FDE and Server cloud packets is kept in an encrypted state and we can not decrypt it because only you and your Server have the keys.

The information gathered is quite broad and varied because it assists the Support team to look for settings or files that may cause conflicts and problems with the software, this can often save time in the long run because all the information is presented to us at once, rather than having to keep making requests.

As of Version 3.3.0.88, and later, the following files may appear in the eediag zip file, depending on settings

Filename	Purpose	Present
admin_log.txt	Contains information gathered via the Administrative component, locations of software files, Key-Files, active processes, driver information and disk information	Always (Admin)
blat_log.txt	Contains information related to upgrade processes used during installation and upgrades	Always
current_dlploy.txt	Contains logging information about cloud communications within a managed environment	Managed
dlpcrashdumps.txt	Contains information about any components that have generated crash dumps	Always
eediag_log_<time>_<date>.txt	Contains information gathered whilst running in the User context, including current Key-File state and some system information	Always
evt_application.txt	Contains recent entries in the machines Application event log	Always
evt_crash.txt	Contains a log of all application crashes recorded in the Application event log	Always
evt_deslock.txt	Contains recent entries in the machines Endpoint Encryption event log	Always
evt_power.txt	Contains a log of power events, start up, shutdown and power interruptions	Always
evt_system.txt	Contains recent entries in the System event log	Always
SafeStart.txt	Contains information reported by FDE Safe Start, if it was used	Always
Services.txt	Contains information about all currently installed Services	Always
sysinfo.txt	Contains information that is normally sent back to an Enterprise Server	Always
system.nfo	Contains an export from MSInfo32, a Microsoft system information tool	Always (Admin)
update_db.xml	Contains encrypted copies of updates and responses when is used in a managed environment	Managed
x_dlploadr.bin	Contains the FDE meta data, where x will be the drive letter the file was found on	FDE Encrypted
<username>_dlploy.txt	Contains logging information about cloud communications within a managed environment, one for each user profile found	Managed (Admin)
<username>_esdirect.txt	Contains logging information for the auto-enrolement feature in a managed environment, one for each user profile found	Managed (Admin)
efde_ais_<date>	Contains logging information for the EFDE service	EFDE ONLY
Status	Contains information in relation to the current EFDE status	EFDE ONLY

If you have upgraded from some much older installs, there may also be additional logs that correspond to deprecated files, there may also be files created as the result of instructions provided by the support team.

So that we can provide effective and accurate support, please do NOT modify the contents of the zip file.

Help Desk Software by Kayako