Resources for bug reporters

How to find and save event log files.

To find the logs, see these links:

Defence plus event logs.
Antivirus Defense logs.
Firewall event logs.

To save the file you can either take a screenshot of the log, or click on More in each log view and use the full log viewer to export a file.

You can find your Killswitch process list by going to Advanced Tasks ~ Watch Activity. More details here.

On the Main Menu ~ Killswitch use ‘Save current view’.

This information is normally available from Computer ~ Properties or My Computer ~ Properties.

Version = the main version, e.g. Windows 7

SP = Service Pack number, the main maintenance release number of a Microsoft operating system.

x32/x64 = whether the OS is 32-bit or 64-bit

Please be careful to choose the right set of instructions (for CIS 5.x or 6.x) or you may lock up your computer (reboot to resolve if you do!).

CIS 5.x

  1. Disable Defense+ by moving the level slider in D+ ~ Settings to Disabled.
  2. Download and run Process Explorer from Process Explorer - Sysinternals | Microsoft Learn.
  3. In Process Explorer, select View → Lower Pane View → Handles.
  4. In the Process Explorer process window, click on cmdagent.exe (CIS 5.x).
  5. At this stage, in the lower pane, you should be seeing the handles opened by cmdagent.exe. You are particularly interested in “Type = File”. Try to get as many ‘File’ type handles on screen as possible and leave them visible.
  6. Open CIS and run a Scan → My Computer. Do this overnight perhaps.
  7. Wait until cmdagent hangs or the morning :) When it does you may get a crash dialog. Don’t answer this dialog. When the scan hangs, go to Process Explorer and
  8. Without deselecting cmdagent, check the lower pane for open “File” handles. You may or may not be able to scroll at this point, hence my suggestion about getting as much as possible in view. One of those handles is causing this issue, probably an archive file. Make a list of the handles (if you can scroll, do) or take screenshots.
  9. If you cannot get a list of handles, right-click on cmdagent in Process Explorer and take a full dump using the menu.
  10. Please append the file list, or if you cannot, the dump. If you are willing to right-click scan each of the files in the file handle list in turn until you get a crash and append the zipped file that causes it, so much the better, but this is not required.

CIS 6.x

  1. Open CIS and run a Scan → My Computer. Do this overnight perhaps.
  2. Open Killswitch from Advanced Tasks ~ Watch Activity.
  3. In Killswitch, right-click on the cavwp.exe process (if there are two, the one consuming the most CPU, which is the one that appears after you start to run a scan) and select the Handles tab.
  4. At this stage, in the lower pane, you should be seeing the handles opened by cavwp.exe. You are particularly interested in “Type = File”. Maximise the dialog to try to get as many ‘File’ type handles on screen as possible and leave them visible.
  5. Wait until cavwp.exe hangs or the morning :) When it does you may get a crash dialog. Don’t answer this dialog. When the scan hangs, go back to the Killswitch Handles tab and
  6. Without deselecting cavwp, check the tab for open handles of type “File”. You may or may not be able to scroll at this point, hence my suggestion about getting as much as possible in view. One of those open handles is causing this issue, probably an archive file. Make a list of the handles (if you can scroll, do) or take screenshots.
  7. If you cannot get a list of handles, right-click on cavwp.exe in Killswitch and take a full dump using the menu. If you get a refusal, you are trying to dump the wrong cavwp.exe; try the other one.
  8. Please append the file list, or if you cannot, the dump. If you are willing to right-click scan each of the files in the file handle list in turn until you get a crash and append the zipped file that causes it, so much the better, but this is not required.
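A small helper for both the CIS 5.x and CIS 6.x procedures above (an added example, not from the original post or from Comodo): it writes the scanning process's open file handles to disk every few seconds, so the last snapshot taken before the hang is the list the post asks for even when the handles pane can no longer be scrolled. It assumes Sysinternals handle.exe is on the PATH and that the script is run from an elevated PowerShell; the process name defaults to cavwp.exe (CIS 6.x), pass cmdagent.exe for CIS 5.x.

```powershell
# Added example (not from the original post). Requires Sysinternals handle.exe
# on the PATH and an elevated PowerShell session.
param(
    [string]$ProcessName     = 'cavwp.exe',   # use 'cmdagent.exe' for CIS 5.x
    [int]   $IntervalSeconds = 10,
    [string]$OutDir          = "$env:USERPROFILE\Desktop\handle-snapshots"
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$baseName = $ProcessName -replace '\.exe$', ''

while ($true) {
    # When two instances run, the scanner is the one burning the most CPU.
    $proc = Get-Process -Name $baseName -ErrorAction SilentlyContinue |
            Sort-Object CPU -Descending | Select-Object -First 1
    if (-not $proc) {
        Write-Host "$ProcessName is not running yet, waiting..."
        Start-Sleep -Seconds $IntervalSeconds
        continue
    }

    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $OutDir "$stamp-pid$($proc.Id).txt"

    # handle.exe lists File handles by default; -p accepts a PID.
    # Output lines look like:  "  1A4: File  (RW-)   C:\path\to\file.zip"
    & handle.exe -accepteula -nobanner -p $proc.Id |
        Where-Object { $_ -match '^\s*[0-9A-Fa-f]+:\s+File\s' } |
        Set-Content -Path $file

    $count = @(Get-Content -Path $file).Count
    Write-Host "$stamp : $count file handles of PID $($proc.Id) written to $file"
    Start-Sleep -Seconds $IntervalSeconds
}
```

When the scan hangs, stop the script and attach the newest snapshot; if procdump.exe is also available, `procdump -ma <pid> <file.dmp>` takes the full dump the post asks for without needing the GUI to respond.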

Complete OS dumps
To report BSODs and complete OS freezes, please set your computer up to record complete OS dumps, not minidumps or kernel dumps.


Setting up your computer to collect Complete Dumps

  • Windows XP users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
  • Windows Vista users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
  • Windows 7 users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
  • Windows 8 users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
  • Windows 10 users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
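A quick way to verify what the guides linked above configure (an added example, not from the original post or from Comodo): this PowerShell reads the CrashControl registry values that select the dump type and checks that the boot-volume page file is at least physical RAM plus 1 MB, which a complete dump needs; run with -SetComplete it switches the type to Complete. It assumes PowerShell 3.0 or later (Get-CimInstance) and an elevated session.

```powershell
# Added example (not from the original post). Run elevated; a reboot applies any change.
param([switch]$SetComplete)

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
# CrashDumpEnabled values documented by Microsoft.
$names = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }

$cc   = Get-ItemProperty -Path $key
$type = [int]$cc.CrashDumpEnabled
"Dump type : $type ($($names[$type]))"
"Dump file : $($cc.DumpFile)"     # normally %SystemRoot%\MEMORY.DMP

# A complete dump is written through the page file on the boot volume,
# which must be at least physical RAM + 1 MB.
$ramMB = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pf    = Get-CimInstance Win32_PageFileUsage |
         Where-Object { $_.Name -like "$env:SystemDrive*" }
"RAM       : $ramMB MB"
if ($pf) {
    "Page file : $($pf.Name), $($pf.AllocatedBaseSize) MB"
    if ($pf.AllocatedBaseSize -lt ($ramMB + 1)) {
        Write-Warning "Page file is smaller than RAM + 1 MB; a complete dump will not be written."
    }
} else {
    Write-Warning "No page file on $env:SystemDrive; a complete dump cannot be written."
}

if ($SetComplete -and $type -ne 1) {
    Set-ItemProperty -Path $key -Name CrashDumpEnabled -Value 1 -Type DWord
    "CrashDumpEnabled set to 1 (Complete); reboot for it to take effect."
}
```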

How to generate a manual memory dump when computer stops responding
If testing CIS, it’s a good idea to have the ability to force a blue screen in the case of a total computer freeze so you can create a dump file for QA.

To perform a complete memory dump a BSOD is induced so please save all work first!


Keyboard initiated (recommended method)

Open Notepad and copy & paste the content below:


REGEDIT4

; PS/2 keyboards
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"CrashOnCtrlScroll"=dword:00000001

; USB keyboards
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters]
"CrashOnCtrlScroll"=dword:00000001

Select the “File” menu > “Save As…” > at the “Save as type” field select “All Files (*.*)” > at the “File name” field type name.reg
Run the name.reg file you just saved and restart the system.
To initiate a crash, make sure you have saved all data in all user files, then hold down the RIGHT Ctrl key and press the Scroll Lock key twice.
Wait for the memory dump to be created; this may take some time.

See MSDN for more information : Forcing a system crash from the keyboard - Windows drivers | Microsoft Learn

NotMyFault tool
Download the NotMyFault tool : NotMyFault - Sysinternals | Microsoft Learn
Run Command Prompt as administrator.
At the command line, type NotMyFault.exe /crash and press ENTER.

Saving dumps
Complete OS dumps can be the size of your physical memory (RAM), but compress well if you zip them, maybe down to 10-20% of that size. The fewer apps you have running, the more they compress. That’s still pretty big of course, so you need a big upload account to upload them. I use https://mega.nz for this purpose as they give away 50 GB and have few other restrictions, although they do require free registration.

Comodo Property Page
You can diagnose issues with File Rating technology by enabling a page extension that presents gathered file data in JSON format. Such data is very useful to developers and power users when narrowing down issues. A moderator may request a copy of such information.

Important note: To avoid any risk, since you are working with Windows Registry, please create a system restore point by following this guide:
[Create a system restore point]

http://i.imgur.com/gAx0D2y.png

Enabling property page
From attachment, run “enable_page.reg” file.

  • archive password: COMODO

Disabling property page
From attachment, run “disable_page.reg” file.

  • archive password: COMODO

Further note: It comes with no warranty & it might be removed in the future.

How to generate a diagnostic report
When creating a bug report, or when asked to provide a diagnostic report, open the main UI of CIS/CFW/CAV, click on the ? symbol to find the Support menu item, then click on the Diagnostics menu item to start the diagnostic report process. When it finishes, click on Create Report even if no problems were detected. A save window then appears in which you can choose where to save the report, which is saved as a zip file. Attach that zip file to your post.

Attached below are the different themes showing where to find the diagnostic task.

Steps to Collect Procmon Bootlog

1) Download Process Monitor from here for Windows Vista and higher, and
Process Monitor from here for Windows XP.
2) Extract the downloaded .zip file and run Procmon.exe with “Run as administrator”.
3) Select Enable Advanced Output from the Filter menu.
4) Click Options and select Enable Boot Logging.
5) You will get the Boot Logging Options window. Enable Generate thread profiling events and set it to Every second. Click OK to confirm your settings.
6) Reboot the system.
7) Allow the system to fully load Windows and any associated startup programs.
8) Now again run Procmon.exe with “Run as administrator”.
9) You will see a prompt window telling you that a log of boot-time activity was created. Click Yes to save the boot log.
10) Choose a location and save the boot log; a .pml file will be generated.

Steps to collect msinfo32.nfo:

  1. Go to Windows Run (Windows Key + R key in keyboard).
  2. Type in msinfo32.exe and press Enter key, it will launch System Information window application.
  3. Click ‘Save’ item in ‘File’ menu and save as .nfo file.

Steps to collect Windows Event logs:

  1. Go to Windows Run (Windows Key + R key in keyboard).
  2. Type in eventvwr and press Enter key, it will launch Event Viewer window application.
  3. Select ‘Windows Logs’ → ‘Application’ in opened window.
  4. Right-click on it and choose ‘Save All Events As…’.
  5. Save as ‘Application’ events.
  6. Repeat steps 3-5 for ‘Security’, ‘Setup’, ‘System’ events.
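The msinfo32 and event log collection steps above, scripted as an added example (not from the original post or from Comodo) so the whole set can be gathered and zipped in one go: msinfo32 /nfo writes the same .nfo that File > Save produces, and wevtutil epl exports each log as the same .evtx that ‘Save All Events As…’ writes. It assumes PowerShell 5.0 or later (for Compress-Archive) and an elevated session, which exporting the Security log requires.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell 5.0+.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $env:USERPROFILE "Desktop\bugreport-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# msinfo32 /nfo <file> writes the System Information report and exits; -Wait blocks until then.
$nfo = Join-Path $outDir 'msinfo32.nfo'
Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/nfo `"$nfo`"" -Wait

# Export the four logs the post asks for. wevtutil epl needs admin rights for Security.
foreach ($log in 'Application', 'Security', 'Setup', 'System') {
    $target = Join-Path $outDir "$log.evtx"
    & wevtutil.exe epl $log $target
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of the $log log failed (exit code $LASTEXITCODE); is this prompt elevated?"
    }
}

# One zip to attach to the forum post.
$zip = "$outDir.zip"
Compress-Archive -Path (Join-Path $outDir '*') -DestinationPath $zip -Force

Get-ChildItem -Path $outDir |
    Select-Object Name, @{ n = 'KB'; e = { [int]($_.Length / 1KB) } } |
    Format-Table -AutoSize
"Attach this file to your report: $zip"
```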