Skyhigh Security

Skyhigh Client Proxy (SCP) Troubleshooting Data and Details

If Client Proxy software fails or misbehaves and you need to open a Support Service Request, collect the following troubleshooting information and logs, and provide them to Support.

Important: Support might request further logs and files beyond the following requirements.

Logs and information needed for Skyhigh Client Proxy (SCP) installation, upgrade, or redirection issues:

  • Trellix Agent Version
  • SCP Version
  • ePO Version
  • MER log endpoint
  • Procmon Logs
  • Windows Event Viewer Logs

Logs and information needed for SCP policy push issues:

  • Trellix Agent Version
  • SCP Version
  • SCP Policy XML
  • MER Log Endpoint

 Minimum Escalation Requirement (MER) Logs

  1. Download the MER tool.
    For steps to download and run the MER tool, see Tools.
  2. Reproduce the issue.
    Note: Record the time and date when you reproduced the issue. 
  3. Run the MER tool as an administrator.
  4. Under What Product should WebMER collect data for, select Skyhigh Client Proxy.
  5. Click Start.
  6. Save the output and attach it to your support case.

Procmon Log

  1. Download Process Monitor from:
    https://download.sysinternals.com/files/ProcessMonitor.zip
    NOTE: For more information about Process Monitor, see:
    https://docs.microsoft.com/en-us/sysinternals/
     
  2. Unzip and run Process Monitor as Administrator.
    NOTE: Record the time and date when you reproduced the issue.
     
  3. Reproduce the issue.
  4. Save the results with the All Events option selected and attach it to your support case.

Windows Event Viewer Logs

Note: Make sure that you’ve reproduced the issue and have recorded the time and date of the replication.

  1. Open Control Panel, click Administrative Tools > Open Event Viewer.
  2. Open Windows Logs, click Application, right-click and select Save All Events As, and name the output file Application-logs.
  3. Open Windows Logs, click System, right-click and select Save All Events As, and name the output file System-logs.
  4. Attach the saved logs to your support case.
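
The Event Viewer export above can also be scripted. The following PowerShell is an added example, not part of the original article and not a Skyhigh tool; the parameter names, the output folder, the reproduction-time.txt file and the 15-minute check window are assumptions.

```powershell
#Requires -RunAsAdministrator
param(
    # When the issue was reproduced (assumed parameter; defaults to now).
    [datetime]$ReproducedAt = (Get-Date),
    # Where the exports are written (assumed location).
    [string]$OutDir = (Join-Path $env:TEMP 'SCP-EventLogs')
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Event log channel -> output file name used in the steps above.
$exports = [ordered]@{
    'Application' = 'Application-logs.evtx'
    'System'      = 'System-logs.evtx'
}

foreach ($channel in $exports.Keys) {
    $target = Join-Path $OutDir $exports[$channel]
    # "epl" is export-log; /ow:true overwrites an earlier export.
    & wevtutil.exe epl $channel $target /ow:true
    if ($LASTEXITCODE -ne 0) {
        throw "Export of $channel failed (wevtutil exit code $LASTEXITCODE)"
    }
    # Sanity check: the exported file should contain events from around
    # the reproduction time, otherwise the wrong time was recorded.
    $window = @{
        Path      = $target
        StartTime = $ReproducedAt.AddMinutes(-15)
        EndTime   = $ReproducedAt.AddMinutes(15)
    }
    $hits = @(Get-WinEvent -FilterHashtable $window -ErrorAction SilentlyContinue)
    Write-Host ("{0}: {1} events within 15 minutes of reproduction" -f $channel, $hits.Count)
}

# Record the reproduction time next to the logs, in local time and UTC.
@(
    "Issue reproduced (local): $($ReproducedAt.ToString('yyyy-MM-dd HH:mm:ss zzz'))"
    "Issue reproduced (UTC):   $($ReproducedAt.ToUniversalTime().ToString('yyyy-MM-dd HH:mm:ss'))Z"
    "Computer: $env:COMPUTERNAME"
) | Set-Content -Path (Join-Path $OutDir 'reproduction-time.txt') -Encoding UTF8

# SHA-256 of each export, so the files can be verified after upload.
Get-ChildItem -Path $OutDir -Filter *.evtx |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session after reproducing the issue, then attach the contents of the output folder to the support case.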

SCP Support Tool

  1. Install Wireshark on your client:
    IMPORTANT: Wireshark must be installed on your client, otherwise the Support Tool doesn't start.
    1. Navigate to https://www.wireshark.org/#download and download the needed executable.
    2. Install Wireshark.
    3. Navigate to C:\Windows\System32\Npcap.
    4. Copy the 4 files in that directory and paste them into C:\Windows\System32.
      IMPORTANT: If you fail to copy these files, you see an error when you run tcpdump in the support tool.
       
  2. Download and unzip the ZIP file attached to this article for your current SCP version.
    Note: For any SCP version earlier than 4.4.2, use the file Support Tool 2.1.zip
    The Support Tool 2.1.zip file extracts into multiple folders, x64 for 64-bit operating systems and x86 for 32-bit.
    Starting with SCP version 4.5.0, use the file SCP Support Tool x64.zip (supports only 64-bit operating systems).
  3. Navigate to the appropriate folder for your operating system.
  4. Select the MCPSupportTool.exe or SCPSupportTool.exe file and Run as Administrator.
  5. After the file opens:
    1. Select Log Collection Mode as the Operating Mode.
    2. Configure the Output folder. The logs are placed in this folder.
    3. Select the Network Traces checkbox. This option tells the tool to capture network traces.
    4. Configure one or more interfaces. Select the interface from which you want to capture network traces.
    5. Run capture:
      1. Click Start Capture.
      2. Reproduce the issue.
      3. Click Stop Capture.
         
    6. Select the Collect option.
      Support Tool collects the following data:
      • MCP logs and configuration.
      • System and information.
      • Crash dumps.
      • The installed program list.
         
  6. Gather the files from the directory configured earlier and attach them to your support case.


SCP Policy (retrieved from Trellix ePO GUI)

  1. Log on to Trellix ePO.
  2. Click Menu > Policy Catalog. For Product, select Skyhigh Client Proxy.
  3. Select the SCP Policy to download.
  4. Click Edit > Actions > Export Policy to File.
  5. Download the Skyhigh Client Proxy Policy Server and Client File.

Orion Log (retrieved from Trellix ePO Server)

  1. If advised to by Technical Support, enable ePO debug logging.
    See KB52369 - How to enable debug logging in the Orion.log, for further information.
     
  2. Reproduce the issue.
  3. Log on to the ePO Server.
  4. Navigate to <epo install dir>\Server\Logs.
  5. Locate the Orion.log.
  6. Attach the Orion.log to your support case.