Troubleshooting Resources

Case Diagnostic Tool

Trend Micro Case Diagnostic Tool (CDT) collects necessary debugging information from a customer’s product whenever problems occur. It automatically turns the product's debug status on and off and collects necessary files according to problem categories. Trend Micro uses this information to troubleshoot problems related to the product.

To obtain this tool and relevant documentation, contact your Support provider.

Knowledge Base

Some solutions in the Troubleshooting section of the online help direct you to the Trend Micro Knowledge Base. Please make sure you have Internet connection to open the Knowledge Base.

Logs

Aside from logs available on the Web console, you can use other types of logs (such as debug logs) to troubleshoot product issues. Below are some of the OfficeScan server and client logs:

OfficeScan server

Log

Details

Debug log using LogServer.exe

To enable debug logging for the OfficeScan server, Trend Micro Vulnerability Scanner, and Policy Server:

  1. Log on to the Web console.

  2. On the banner of the Web console, click the "C" in "MICRO".

  3. Specify debug log settings and then click Save. The default file name is ofcdebug.log.

  4. Check the log file in the default location: \PCCSRV\Log.

 

To disable debug logging for the OfficeScan server, Trend Micro Vulnerability Scanner, and Policy Server:

  1. Log on to the Web console.

  2. On the banner of the Web console, click the "C" in "MICRO".

  3. Unmark Enable debug log and then click Save.

 

To enable debug logging for server installation and upgrade:

You can enable debug logging before performing the following tasks:

  • Uninstall and then install the server again.

  • Upgrade OfficeScan 8.0 to a new version.

  • Perform remote installation/upgrade (Debug logging is enabled on the computer where you launched Setup and not on the remote computer.)

 

  1. Copy the "LogServer" folder located in \PCCSRV\Private to C:\.

  2. Create a file named ofcdebug.ini with the following content:

[debug]

DebugLevel=9

DebugLog=C:\LogServer\ofcdebug.log

  1. Save ofcdebug.ini to C:\LogServer.

  2. Perform the appropriate task (that is, uninstall/reinstall the server, upgrade to a new server version, or perform remote installation/upgrade).

  3. Check ofcdebug.log in C:\LogServer.

Local installation/upgrade log

File name: OFCMAS.LOG

Location: %windir%

Remote installation/upgrade log

On the computer where you launched Setup:

File name: ofcmasr.log

Location: %windir%

 

On the target computer:

File name: OFCMAS.LOG

Location: %windir%

Component update log

File name: TmuDump.txt

Location: \PCCSRV\Web\Service\AU_Data\AU_Log

 

To get detailed server update information:

  1. Create a file named aucfg.ini with the following content:

[Debug]

level=-1

[Downloader]

ProxyCache=0

  1. Save the file to \PCCSRV\Web\Service.

  2. Restart the OfficeScan Master Service.

 

To stop collecting detailed server update information:

  1. Delete aucfg.ini.

  2. Restart the OfficeScan Master Service.

Client Packager log

To enable logging for Client Packager creation:

  1. Modify ClnExtor.ini in \PCCSRV\Admin\Utility\ClientPackager as follows:

[Common]

DebugMode=3

  1. Check ClnPack.log in C:\.

 

To disable logging for Client Packager creation:

Open ClnExtor.ini and change the "DebugMode" value from 3 to 0.

ServerProtect Normal Server Migration Tool debug log

To enable debug logging for ServerProtect Normal Server Migration Tool:

  1. Create a file named ofcdebug.ini file with the following content:

[Debug]

DebugLog=C:\ofcdebug.log

DebugLevel=9

  1. Save the file to C:\.

  2. Check ofcdebug.log in C:\.

 

To disable debug logging for ServerProtect Normal Server Migration Tool:

Delete ofcdebug.ini.

VSEncrypt debug log

OfficeScan automatically creates the debug log (VSEncrypt.log) in the user account's temporary folder. For example, C:\Documents and Settings\{User name}\Local Settings\Temp.

Control Manager MCP Agent debug log

Debug files on the OfficeScan server's \PCCSRV\CMAgent folder:

  • Agent.ini

  • Product.ini

  • The screenshot of the Control Manager Settings page

  • ProductUI.zip

 

To enable debug logging for the MCP Agent:

  1. Modify product.ini in \PCCSRV\CmAgent as follows:

[Debug]

debugmode = 3

debuglevel= 3

debugtype = 0

debugsize = 10000

debuglog = C:\CMAgent_debug.log

  1. Restart the OfficeScan Control Manager Agent service from the Windows Services screen.

  2. Check CMAgent_debug.log in C:\.

 

To disable debug logging for the MCP Agent:

  1. Open product.ini and delete the following:

debugmode = 3

debuglevel= 3

debugtype = 0

debugsize = 10000

debuglog = C:\CMAgent_debug.log

  1. Restart the OfficeScan Control Manager service.

Virus Scan Engine debug log

To enable debug logging for the Virus Scan Engine:

  1. Open the Registry Editor (regedit.exe).

  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TMFilter\Parameters.

  3. Change the value of "DebugLogFlags" to "00003eff".

  4. Perform the steps that led to the scanning issue you encountered.

  5. Check TMFilter.log in %SystemRoot%.

 

To disable debug logging for the Virus Scan Engine:

Restore the value of "DebugLogFlags" to "00000000".

 

OfficeScan client

Log

Details

Debug log using LogServer.exe

To enable debug logging for the OfficeScan client:

  1. Create a file named ofcdebug.ini with the following content:

[Debug]

Debuglog=C:\ofcdebug.log

debuglevel=9

debugLevel_new=D

debugSplitSize=10485760

debugSplitPeriod=12

debugRemoveAfterSplit=1

  1. Send ofcdebug.ini to client users, instructing them to save the file to C:\.

LogServer.exe automatically runs each time the client computer starts. Instruct users NOT to close the LogServer.exe command window that opens when the computer starts as this prompts OfficeScan to stop debug logging. If users close the command window, they can start debug logging again by running LogServer.exe located in \OfficeScan Client.

  1. For each client computer, you can check ofcdebug.log in C:\.

 

To disable debug logging for the OfficeScan client:

Delete ofcdebug.ini.

Fresh installation log

File name: OFCNT.LOG

Locations:

%windir% for all installation methods except MSI package

%temp% for the MSI package installation method

Upgrade/Hot fix log

File name: upgrade.log

Location: \OfficeScan Client\Temp

Damage Cleanup Services debug log

To enable debug logging for Damage Cleanup Services:

  1. Open TSC.ini in \OfficeScan Client.

  2. Modify the following line as follows: DebugInfoLevel=3

  3. Check TSCDebug.log in \OfficeScan Client\debug.

 

To disable debug logging for Damage Cleanup Services:

Open TSC.ini and change the "DebugInfoLevel" value from 3 to 0.

Mail Scan log

File name: SmolDbg.txt

Location: \OfficeScan Client

Client connection log

File name: Conn_YYYYMMDD.log

Location: \OfficeScan Client\ConnLog

Client update log

File name: Tmudump.txt

Location: \OfficeScan Client\AU_Data\AU_Log

 

To get detailed client update information:

  1. Create a file named aucfg.ini with the following content:

[Debug]

level=-1

[Downloader]

ProxyCache=0

  1. Save the file to \OfficeScan Client.

  2. Reload the client.

 

To stop collecting detailed client update information:

  1. Delete aucfg.ini.

  2. Reload the client.

Outbreak Prevention debug log

File name: OPPLogs.log

Location: \OfficeScan Client\OppLog

OfficeScan firewall debug log

To enable debug logging for the Common Firewall Driver:

  1. Add the following data in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tmcfw\Parameters:

Type: DWORD value (REG_DWORD)

Name: DebugCtrl

Value: 0x111

  1. Restart the computer.

  2. Check cfw-log.txt in C:\.

 

To disable debug logging for the Common Firewall Driver:

  1. Delete "DebugCtrl" in the registry key.

  2. Restart the computer.

 

To enable debug logging for the OfficeScan NT Firewall service:

  1. Create a file named Tmpfw.ini with the following content:

[debug]

debug_on=yes

debug_level=90

log_path=C:\TmPfw.log

  1. Save the file to \OfficeScan Client.

  2. Reload the client.

  3. Check TmPfw.log in C:\.

 

To disable debug logging for the OfficeScan NT Firewall service:

  1. Open Tmpfw.ini and change the "debug_on" value from "yes" to "no".

  2. Reload the client.

Web Reputation debug log

To enable debug logging for the Web Reputation feature:

  1. Edit TmProxy.ini located in \OfficeScan Client as follows:

[debug]

debug_on=yes

debug_level=90

log_path=C:\TmProxy.log

  1. Reload the client.

  2. Check TmProxy.log in C:\.

 

To disable debug logging for the Web Reputation feature:

  1. Open TmProxy.ini and change the "debug_on" value from "yes" to "no".

  2. Reload the client.

Transport Driver Interface (TDI) debug log

To enable debug logging for TDI:

  1. Add the following data in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\tmtdi\Parameters:

 

Type: DWORD value (REG_DWORD)

Name: Debug

Value: 1111 (Hexadecimal)

 

Type: String value (REG_SZ)

Name: LogFile

Value: C:\tmtdi.log

 

  1. Restart the computer.

  2. Check tmtdi.log in C:\.

 

To disable debug logging for TDI:

  1. Delete "Debug" and "LogFile" in the registry key.

  2. Restart the computer.