Traps Troubleshooting Resources

To troubleshoot Traps and the Endpoint Security Manager (comprising an ESM Server, the ESM Console, and a database), use the following resources:
Resource
Description
ESM Resources
Endpoint Security Manager
Web interface, which provides reports and logs. The information is useful for monitoring and filtering the logs to interpret unusual behavior on your network. After analyzing a security event, you can choose to create a custom rule for the endpoint or process.
DebugWeb log
Indicates information, warnings, and errors related to the Endpoint Security Manager. The DebugWeb log is located in the
%ProgramData%\Cyvera\Logs
folder of the ESM Server.
Server log
Indicates information, warnings, and errors related to the Endpoint Database and ESM Server. The Server log is located in the
%ProgramData%\Cyvera\Logs
folder of the ESM Server.
ESM installation log
Specifies any errors encountered during installation of ESM components. Use this log file when you need to troubleshoot installation issues. The installer stores the log files in the
%temp%
or
C:\Users\<user_name>\AppData\Local\Temp
folder.
Database (DB) Configuration Tool (dbconfig.exe)
Command-line interface that provides an alternative to managing basic server settings using the ESM Console. You can access the DB Configuration Tool using a Microsoft MS-DOS command prompt run as an administrator. For more information, see Database (DB) Configuration Tool.
ESM Tech Support file
On-demand aggregation of active ESM Console and ESM Server logs and settings to aid Technical Support in troubleshooting and diagnosing issues. For more information, see ESM Tech Support File.
Traps Resources
Traps installation log
Specifies any errors encountered during installation of Traps. Use this log file when you need to troubleshoot installation issues. The installer stores the log files in the
%temp%
or
C:\Users\<user_name>\AppData\Local\Temp
folder.
Traps service log
Indicates information, warnings, and errors related to the Traps service. The Service log is located in the following folder on the endpoint:
  • Windows Vista and later:
    %ProgramData%\Cyvera\Logs
  • Windows XP:
    C:\Document and Settings\All Users\Application Data\Cyvera\Logs
Traps console log
Indicates information, warnings, and errors related to the Traps console. The Console log is located in the following folder on the endpoint:
  • Windows Vista and later:
    C:\Users\<username>\AppData\Roaming\Cyvera
  • Windows XP:
    C:\Document and Settings\<username>\Application Data\Cyvera\Logs
Traps and ESM initiated processes
Supervisor Command Line Tool (cytool.exe)
Allows you to enumerate protected processes, enable or disable protection features, and enable or disable Traps management actions from a command line interface. For more information, see Cytool.
Unknown files for analysis
Traps stores unknown files to send to the ESM Server in the
C:\ProgramData\Cyvera\Temp
folder. After the ESM Server submits a file to WildFire, the Traps agent deletes the file from the Temp folder.
In some cases, third-party Antivirus (AV) applications can raise an alert for this folder. If this occurs, it is recommended to whitelist this folder in the third-party AV application.

Related Documentation