The ESET Endpoint Encryption Diagnostics utility
If you are experiencing any problems with the ESET Endpoint Encryption client software and wish to submit a ticket for the support team to investigate your problem, then it may be that the support team will ask you to provide a diagnostics file which can be generated by running our diagnostics utility.
The utility generates a log of both the software and general system information to aid the support team in analysing your problem.
You can download the Diagnostics utility using this link : ESET Endpoint Encryption Diagnostics utility
Please note you should always run the latest version of the Diagnostics utility. You can check the version and/or hash below. If you are unsure which version you have, just download the file again.
|Version||Last Updated||SHA256 Hash|
On recent versions of Windows, you can generate a hash using certutil : certutil -hashfile <filename> SHA256
Running the Diagnostics utility
Unless specifically directed to do so by a support team member, you should always run the Diagnostics utility following the instructions below.
You should run the utility whilst logged in to Windows as the user experiencing the problem, and unless advised otherwise, you must notright click and 'Run as administrator'.
The ESET Endpoint Encryption Diagnostics utility gathers information about the software that can not be obtained if you run it in another user context.
The Diagnostics utility needs to gather information as the currently active Windows user
Part way through running, the Diagnostics utility will need to run an elevated, that is Administrative, component to gather information about the machine itself.
If the customers problem is related to Full Disk Encryption, it is almost always necessary to perform this step, as information required can not be gathered without Administrator level access.
If the user has Administrator rights, this will mean accepting the UAC prompt.
If the user does not have Administrator rights, you can enter different user credentials at this point and will be prompted to do so.
If it is not possible to run this component, e.g. because the user can not provide Administrator credentials, other information may need to be requested later by the support team, depending on the nature of the problem.
Clicking 'No' will skip running the Administrative component. If you entered the credentials incorrectly, click 'Yes' and you can try again.
The Administrative component displays its activity window over the top of the User component.
Whilst the Admin Diagnostics is running, it performs a file search over the users data. This search is looking for specific ESET Endpoint Encryption files and encrypted folders, it does not read, catalogue, analyse or store anything about any other files, except where the files are of a '.dat' type. In these instances, the file will be read to determine if it matches our specific header and ignored otherwise.
Once the utility has finished working, a .zip file will be created on the users Desktop with a filename beginning 'eediag_log' followed by the current time and date in UTC format. This file should be submitted to the support team, either via email or ticketting system.
What information does the Diagnostics utility collect?
The Diagnostics utility collects information that helps the Support team diagnose problems that have occurred whilst using the software.
When run fully, it gathers information about the machines configuration, the active users settings, policies and configuration.
Information about FDE and Server cloud packets is kept in an encrypted state and we can not decrypt it because only you and your Server have the keys.
The information gathered is quite broad and varied because it assists the Support team to look for settings or files that may cause conflicts and problems with the software, this can often save time in the long run because all the information is presented to us at once, rather than having to keep making requests.
As of Version 126.96.36.199, and later, the following files may appear in the eediag zip file, depending on settings
|admin_log.txt||Contains information gathered via the Administrative component, locations of software files, Key-Files, active processes, driver information and disk information||Always (Admin)|
|blat_log.txt||Contains information related to upgrade processes used during installation and upgrades||Always|
|current_dlploy.txt||Contains logging information about cloud communications within a managed environment||Managed|
|dlpcrashdumps.txt||Contains information about any components that have generated crash dumps||Always|
|eediag_log_<time>_<date>.txt||Contains information gathered whilst running in the User context, including current Key-File state and some system information||Always|
|evt_application.txt||Contains recent entries in the machines Application event log||Always|
|evt_crash.txt||Contains a log of all application crashes recorded in the Application event log||Always|
|evt_deslock.txt||Contains recent entries in the machines Endpoint Encryption event log||Always|
|evt_power.txt||Contains a log of power events, start up, shutdown and power interruptions||Always|
|evt_system.txt||Contains recent entries in the System event log||Always|
|SafeStart.txt||Contains information reported by FDE Safe Start, if it was used||Always|
|Services.txt||Contains information about all currently installed Services||Always|
|sysinfo.txt||Contains information that is normally sent back to an Enterprise Server||Always|
|system.nfo||Contains an export from MSInfo32, a Microsoft system information tool||Always (Admin)|
|update_db.xml||Contains encrypted copies of updates and responses when is used in a managed environment||Managed|
|x_dlploadr.bin||Contains the FDE meta data, where x will be the drive letter the file was found on||FDE Encrypted|
|<username>_dlploy.txt||Contains logging information about cloud communications within a managed environment, one for each user profile found||Managed (Admin)|
|<username>_esdirect.txt||Contains logging information for the auto-enrolement feature in a managed environment, one for each user profile found||Managed (Admin)|
If you have upgraded from some much older installs, there may also be additional logs that correspond to deprecated files, there may also be files created as the result of instructions provided by the support team.
So that we can provide effective and accurate support, please do NOT modify the contents of the zip file.