Technical support

Where can I find the diagnostic program?
Article ID: KB29 email a link to this article

The ESET Endpoint Encryption Diagnostics utility

If you are experiencing any problems with the ESET Endpoint Encryption client software and wish to submit a ticket for the support team to investigate your problem, then it may be that the support team will ask you to provide a diagnostics file which can be generated by running our diagnostics utility.


The utility generates a log of both the software and general system information to aid the support team in analysing your problem.


You can download the Diagnostics utility using this link : ESET Endpoint Encryption Diagnostics utility

Please note you should always run the latest version of the Diagnostics utility. You can check the version and/or hash below. If you are unsure which version you have, just download the file again.


Version Last Updated SHA256 Hash 13/08/2019 772aa9589e5bcf7b0a30f58d0e8f7f98a8476512f99358668adb1795e199e071

On recent versions of Windows, you can generate a hash using certutil : certutil -hashfile <filename> SHA256


Running the Diagnostics utility

Unless specifically directed to do so by a support team member, you should always run the Diagnostics utility following the instructions below.


You should run the utility whilst logged in to Windows as the user experiencing the problem, and unless advised otherwise, you must not right click and 'Run as administrator'.


The ESET Endpoint Encryption Diagnostics utility gathers information about the software that can not be obtained if you run it in another user context.

The Diagnostics utility needs to gather information as the currently active Windows user

Part way through running, the Diagnostics utility will need to run an elevated, that is Administrative, component to gather information about the machine itself.

If the customers problem is related to Full Disk Encryption, it is almost always necessary to perform this step, as information required can not be gathered without Administrator level access.

If the user has Administrator rights, this will mean accepting the UAC prompt.


If the user does not have Administrator rights, you can enter different user credentials at this point and will be prompted to do so.

If it is not possible to run this component, e.g. because the user can not provide Administrator credentials, other information may need to be requested later by the support team, depending on the nature of the problem.

Clicking 'No' will skip running the Administrative component. If you entered the credentials incorrectly, click 'Yes' and you can try again.


The Administrative component displays its activity window over the top of the User component.

Whilst the Admin Diagnostics is running, it performs a file search over the users data. This search is looking for specific ESET Endpoint Encryption files and encrypted folders, it does not read, catalogue, analyse or store anything about any other files, except where the files are of a '.dat' type. In these instances, the file will be read to determine if it matches our specific header and ignored otherwise.


Once the utility has finished working, a .zip file will be created on the users Desktop with a filename beginning 'eediag_log' followed by the current time and date in UTC format. This file should be submitted to the support team, either via email or ticketting system.


What information does the Diagnostics utility collect?

The Diagnostics utility collects information that helps the Support team diagnose problems that have occurred whilst using the software.

When run fully, it gathers information about the machines configuration, the active users settings, policies and configuration.


Information about FDE and Server cloud packets is kept in an encrypted state and we can not decrypt it because only you and your Server have the keys.


The information gathered is quite broad and varied because it assists the Support team to look for settings or files that may cause conflicts and problems with the software, this can often save time in the long run because all the information is presented to us at once, rather than having to keep making requests.


As of Version, and later, the following files may appear in the eediag zip file, depending on settings

Filename Purpose Present
admin_log.txt Contains information gathered via the Administrative component, locations of software files, Key-Files, active processes, driver information and disk information Always (Admin)
blat_log.txt Contains information related to upgrade processes used during installation and upgrades Always
current_dlploy.txt Contains logging information about cloud communications within a managed environment Managed
dlpcrashdumps.txt Contains information about any components that have generated crash dumps Always
eediag_log_<time>_<date>.txt Contains information gathered whilst running in the User context, including current Key-File state and some system information Always
evt_application.txt Contains recent entries in the machines Application event log Always
evt_crash.txt Contains a log of all application crashes recorded in the Application event log Always
evt_deslock.txt Contains recent entries in the machines Endpoint Encryption event log Always
evt_power.txt Contains a log of power events, start up, shutdown and power interruptions Always
evt_system.txt Contains recent entries in the System event log Always
SafeStart.txt Contains information reported by FDE Safe Start, if it was used Always
Services.txt Contains information about all currently installed Services Always
sysinfo.txt Contains information that is normally sent back to an Enterprise Server Always
system.nfo Contains an export from MSInfo32, a Microsoft system information tool Always (Admin)
update_db.xml Contains encrypted copies of updates and responses when is used in a managed environment Managed
x_dlploadr.bin Contains the FDE meta data, where x will be the drive letter the file was found on FDE Encrypted
<username>_dlploy.txt Contains logging information about cloud communications within a managed environment, one for each user profile found Managed (Admin)
<username>_esdirect.txt Contains logging information for the auto-enrolement feature in a managed environment, one for each user profile found Managed (Admin)
efde_ais_<date> Contains logging information for the EFDE service EFDE ONLY
Status Contains information in relation to the current EFDE status EFDE ONLY

If you have upgraded from some much older installs, there may also be additional logs that correspond to deprecated files, there may also be files created as the result of instructions provided by the support team.


So that we can provide effective and accurate support, please do NOT modify the contents of the zip file.


We use cookies on our website to enhance your browsing experience. Read more