Skyhigh Client Proxy (SCP) Troubleshooting Data and Details
In case of any issues or failure with Client Proxy software where you need a Support Service Request to assist you, collect the following troubleshooting Information and logs, and provide them to Support.
Important: Support might request further logs and files beyond the following requirements.
Logs and information needed for Skyhigh Client Proxy (SCP) installation, upgrade, or redirection issues:
- Trellix Agent Version
- SCP Version
- ePO Version
- MER log endpoint
- Procmon Logs
- Windows Event Viewer Logs
Logs and information needed for SCP policy push Issues.
- Trellix Agent Version
- SCP Version
- SCP Policy XML
- MER Log Endpoint
Minimum Escalation Requirement (MER) Logs
- Download the MER tool.
For steps to download and run the MER tool, see Tools . - Reproduce the issue.
Note: Record the time and date when you reproduced the issue. - Run the MER tool as an administrator.
- Under What Product should WebMER collect data for, select Skyhigh Client Proxy.
- Click Start.
- Save the output and attach it to your support case.
Procmon Log
- Download Process Monitor from:
https://download.sysinternals.com/files/ProcessMonitor.zip
NOTE: For more information about Process monitor, see:
https://docs.microsoft.com/en-us/sysinternals/
- Unzip and run the Process Monitor as Administrator.
NOTE: Record the time and date when you reproduced the issue.
- Reproduce the issue.
- Save the results with the All Events option selected and attach it to your support case.
Windows Event Viewer Logs
Note: Make sure that you’ve reproduced the issue and have recorded the time and date of the replication.
- Open Control Panel, click Administrative Tools > Open Event Viewer.
- Open Windows Logs, click Application, right-click Save All Events As, name the output file Application-logs.
- Open Windows Logs, click System, right-click Save All Events As, name the output file System-logs.
- Attach the saved logs to your support case.
SCP Support Tool
- Install Wireshark on your client:
IMPORTANT: Wireshark must be installed on your client, otherwise the Support Tool doesn't start.- Navigate to https://www.wireshark.org/#download and download the needed executable.
- Install Wireshark.
- Navigate to C:\Windows\System32\Npcap.
- Copy the 4 files in that directory and paste them into C:\Windows\System32.
IMPORTANT: If you fail to copy these files, you see an error when you run tcpdump in the support tool.
- Download and unzip the ZIP file attached to this article for your current SCP version.
Note: For any SCP version earlier than 4.4.2, use the file Support Tool 2.1.zip.
The Support Tool 2.1.zip file extracts into multiple folders, x64 for 64-bit operating systems and x86 for 32-bit.
Starting with SCP version 4.5.0, use the file SCP Support Tool x64.zip, (supports only 64-bit operating systems). - Navigate to the appropriate folder for your operating system.
- Select the MCPSupportTool.exe / SCPSupportTool.exe file and Run as Administrator.
- After the file opens:
- Select Log Collection Mode as the Operating Mode.
- Configure the Output folder. The logs are placed in this folder.
- Select Network Traces checkbox. This option tells the tool to capture network traces.
- Configure one or more interfaces. Select the interface from which you want to capture network traces.
- Run capture:
- Click Start Capture.
- Reproduce the issue.
- Click Stop Capture.
- Select the Collect option.
Support Tool collects the following data:- MCP logs and configuration.
- System and information.
- Crash dumps.
- The installed program list.
- Gather the files from the directory configured earlier and attach them to your support case.
SCP Policy (retrieved from Trellix ePO GUI)
- Log on to Trellix ePO.
- Click Menu > Policy Catalog. For Product, select Skyhigh Client Proxy.
- Select the SCP Policy to download.
- Click Edit, Actions, Export Policy to File.
- Download the Skyhigh Client Proxy Policy Server and Client File.
Orion Log (retrieved from Trellix ePO Server)
- If advised to by Technical Support, enable ePO debug logging.
See KB52369 - How to enable debug logging in the Orion.log, for further information.
- Reproduce the issue.
- Log on to the ePO Server.
- Navigate to <epo install dir>\Server\Logs.
- Locate the Orion.log.
- Attach the Orion.log to your support case.