Channel: Shavlik User Community : Document List - All Communities

Enabling additional Threat Scan tracing for a single agent


If there is a problem with threat scan detection, we may need full tracing from the threat (antivirus) scan. Follow the steps below to obtain these additional logs.

 

1. Go to the client (agent) system where you are seeing the issue.

2. Open Services.msc, and stop the following services:

     For version 9.x:

          Shavlik Protect Agent

          Shavlik Protect Agent Dispatcher

          Shavlik Protect Threat Engine

     For version 8.x:

          VMware vCenter Protect Agent

          VMware vCenter Protect Agent Dispatcher

          VMware vCenter Protect Threat Engine

3. Open Task Manager, go to Processes, and end the STAgentUI.exe process (displayed as Agent UI in the Windows 8/Server 2012 process manager). All other agent processes should have ended when the services were stopped.

4. Delete or move ALL the files that currently exist in the following directory:

     v.9.x on Windows 7,8,2008,Vista,2012: C:\ProgramData\LANDesk\Shavlik Protect\Logs

     v.9.x on Windows XP or 2003: C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Logs

     v.8.x on Windows 7,8,2008,Vista,2012: C:\ProgramData\Shavlik Technologies\Logs

     v.8.x on Windows XP or 2003: C:\Documents and Settings\All Users\Application Data\Shavlik Technologies\Logs

5. Go into the following directory:

     v.9.x on 64bit: C:\Program Files (x86)\LANDesk\Shavlik Protect Agent

     v.9.x on 32bit: C:\Program Files\LANDesk\Shavlik Protect Agent

     v.8.x on 64bit: C:\Program Files (x86)\VMware\vCenter Protect Agent

     v.8.x on 32bit: C:\Program Files\VMware\vCenter Protect Agent

6. Locate the STThreat.exe.config, and open the file in a text editor.

7. Find the line that says:

     <threatServiceStartup preventAPIfIncompatiblesExist="false" debugFiles="false" tslog="false"/>

     Change it to the following:

     <threatServiceStartup preventAPIfIncompatiblesExist="true" debugFiles="true" tslog="true"/>

8. Save the file.

9. Start all the agent services back up (see step two).

10. Start the agent. You can do this by opening the agent UI from the start menu (paths below) or by going into the program files directory and running the STAgentUI.exe.

     v.9.x: Start > All Programs > Shavlik Protect > Shavlik Protect Agent

     v.8.x: Start > All Programs > VMware vCenter Protect > VMware vCenter Protect Agent

11. Run a full threat scan or recreate the issue.

12. Once the scan is complete or you have reproduced the issue, zip and send ALL the files that now exist in the directory mentioned in step four.

     Note: Some of the additional logging created may be in XML format.
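
Steps 2 through 9 can also be scripted. The following is an added example, not vendor-supplied code: it covers a v.9.x agent on 64-bit Windows using the service names and paths listed above, and the backup folder under C:\Temp is an assumed location. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not vendor code): steps 2-9 for a v.9.x agent on 64-bit Windows.
# Service display names and paths are the ones listed in the steps above.
# $Backup is an assumed location; change it to suit the system.
$ErrorActionPreference = 'Stop'
$Backup = "C:\Temp\ProtectLogs-$(Get-Date -Format yyyyMMdd-HHmmss)"

$Services = 'Shavlik Protect Agent',
            'Shavlik Protect Agent Dispatcher',
            'Shavlik Protect Threat Engine'
$LogDir   = 'C:\ProgramData\LANDesk\Shavlik Protect\Logs'
$Config   = 'C:\Program Files (x86)\LANDesk\Shavlik Protect Agent\STThreat.exe.config'

# Steps 2-3: stop the services, then end the agent UI if it is still running.
Stop-Service -DisplayName $Services -Force
Get-Process -Name STAgentUI -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 4: move (rather than delete) the existing logs so they are preserved.
New-Item -ItemType Directory -Path $Backup -Force | Out-Null
Get-ChildItem -Path $LogDir -Force | Move-Item -Destination $Backup

# Steps 5-8: keep a copy of the original config, then set the three
# attributes on <threatServiceStartup>. Stop if the element is missing
# instead of writing a file the threat engine may not accept.
Copy-Item -Path $Config -Destination (Join-Path $Backup 'STThreat.exe.config.bak')
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true      # leave the rest of the file untouched
$xml.Load($Config)
$node = $xml.SelectSingleNode('//threatServiceStartup')
if (-not $node) { throw "threatServiceStartup element not found in $Config" }
foreach ($attr in 'preventAPIfIncompatiblesExist', 'debugFiles', 'tslog') {
    $node.SetAttribute($attr, 'true')
}
$xml.Save($Config)

# Step 9: start the services again.
Start-Service -DisplayName $Services
Write-Output "Tracing enabled. Previous logs and config copy are in $Backup"
```

The script leaves the original STThreat.exe.config as STThreat.exe.config.bak in the backup folder, so the previous settings can be put back by copying it over the edited file while the services are stopped.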

