Skyhigh Security

Debugging Data Tools

Use the following tools to create debugging data to accompany your Support Requests. 

Wireshark 

Use Wireshark to capture and analyze packets at the network and interface level. Download it from https://www.wireshark.org/download.html.

To collect debugging information using Wireshark:

  1. Start Wireshark.
  2. Select the interface you are using.
  3. Reproduce the issue.
  4. Stop Wireshark.
  5. Save the pcap file.

SCP Support Tool 

Use the SCP Support Tool to retrieve local logs and policies. Download it from https://kcm.trellix.com/corporate/index?page=content&id=KB92089.

Prerequisite: Install Wireshark first; otherwise the Support Tool fails to launch.

To use SCP Support Tool to collect debugging data: 

  1. Run the tool as the Administrator user.
  2. Select Log Collection Mode.
  3. Select your output folder.
  4. Enable Network Traces and select your interface.
  5. Click Start Capture.
  6. Reproduce the issue.
  7. Click Stop Capture.
  8. Click Collect.

When the collection process is completed, send the contents of the output folder with your SR. 

F12 Developer Tools

Use the F12 developer tools from the browser to create a .HAR trace showing all requests and responses in clear text. 

To use F12 developer tools to collect debugging data:

  1. Press the F12 key.
  2. Click the Network tab.
  3. Enable both the Preserve log and Disable cache options.
  4. Reproduce the issue in the same tab.
  5. Export ALL as .HAR.

Procmon 

Use Process Monitor from Microsoft to create debugging data. Download the tool from: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon.

MER

The MER (Minimum Escalation Requirements) tool collects data from Endpoint Security and other products on your computer.

Example for macOS: Configure Debug Logging

Console for DNS Information

Use the console to find DNS information. 

To discover the actual geolocation, find the proxy IP address that you would receive, where Anycast sends the client's actual DNS request, and which source IP address GRM sees for the client in question.

For Linux:
$ date -u
$ dig a {proxy_hostname_as_configured_in_MCP_or_browser}
$ dig txt anycast.saasprotection.com
$ dig txt echo.saasprotection.com

For Windows:
echo %date% %time% <enter>
tzutil /g <enter>
nslookup <enter>
{proxy_hostname_as_configured_in_MCP_or_browser} <enter>
set type=txt <enter>
echo.saasprotection.com <enter>
anycast.saasprotection.com <enter>