Updated - May 2018

Basic Troubleshooting Guide

1. Introduction ............................................................................................................................................. 3

2. Scope ....................................................................................................................................................... 3

3. Audience ................................................................................................................................................. 4

4. Prerequisites and recommendations ................................................................................................. 4

5. Document structure and delivery ....................................................................................................... 5

6. Accessing Panda products: IDP/Panda account ........................................................................... 6

7. Errors upon using Panda Products - Troubleshooting ...................................................................... 8 Web Console Errors ....................................................................................................................................................... 8 Agent Errors – General errors ....................................................................................................................................... 9 Error Installing / Uninstalling agent ............................................................................................................................ 12 Error Installing / Uninstalling protection .................................................................................................................... 15 Product not updated or upgraded ......................................................................................................................... 16 BSOD .............................................................................................................................................................................. 21 Advanced Protection issues ...................................................................................................................................... 22 Errors in AV permanent protection, error scanning ............................................................................................... 24 Firewall errors, navigation or net resource lost, network performance lost ...................................................... 25 Resource consumption .............................................................................................................................................. 27 Third party software – blocked files .......................................................................................................................... 30 How to deal with malware detections with Adaptive Defense/Adaptive Defense 360 ............................... 32

8. Appendix ............................................................................................................................................... 34 PSInfo ............................................................................................................................................................................. 34 URLs ................................................................................................................................................................................ 35 Check ports .................................................................................................................................................................. 35 PSErrorTrace .................................................................................................................................................................. 35 Advanced Protection Local Configurator.............................................................................................................. 36 NNSDiag ........................................................................................................................................................................ 36 Enable/disable settings modules .............................................................................................................................. 36 How to generate a post-mortem memory dump (BSODs) .................................................................................. 38 List of generic EPP errors ............................................................................................................................................. 40

1. Introduction

This troubleshooting guide aims at helping the technician provide a first line of support when

dealing with customers’ queries.

This document applies to the following products on both the “Traditional” platform and the new

Aether platform:

- Endpoint Protection

- Endpoint Protection Plus

- Adaptive Defense

- Adaptive Defense 360

The reason of having a single document for different products is the fact that their core

technologies are shared. Moreover, an improvement in a solution or shared technology of one

product will be applied across the rest of the products. However, please note that some sections

may be specific to certain products.

In addition to this, those products are released in two different platforms: the “traditional” one

and the new 2018 Aether platform1. The core of the products, the protection, is common to

both. However, the agent and some cloud components differ. The specific sections are clearly

separated in the document.

2. Scope

The scope or aim of the document is not to cover 100% of the scenarios, which is not feasible,

but to address the most known and usual situations that our customers could be facing. Most of

the presented cases result either in a solution or in an information request that requires to be

escalated to upper support layers for further analysis and resolution.

1 Aether platform is fairly new in Panda so Support tools and tips are not yet as developed as in

the traditional platform. New updated versions of this document will be including new supported

scenarios.

3. Audience

The expected audience of this document is any technician facing customers’ queries via

telephone call, email, chat, etc. In other words, any technician providing Tier 1 support. The

suggested tools and procedures are standard for anyone providing technical support to a

corporate user.

4. Prerequisites and recommendations

Even if the document is intended to be a guide to be easily followed, there are some

prerequisites that are highly recommended (if not mandatory) before you start using it. Among

others, these would be the most relevant ones:

Ensure you have read the product documentation (advanced guide/manual; online

help).

Complete an overview of the product via web access before and during the

troubleshooting process.

Work, whenever possible, with the latest version of the product and recommend the

customer to upgrade, as it normally includes fixes to bugs existing in previous versions.

However, before migrating the whole account, it is advisable to test the new

agent/protection in one of the faulty boxes to ensure that it fixes the problem.

The objective is always to minimize the impact at the customer’s business. Thus, it can be

understood that in some circumstances, the technician might apply workaround actions

(rollback, temporarily disabling some of the faulty technologies, uninstalling, etc.) without

being able to collect all the required information. In those exceptional situations, Panda

Support will do their best to work with the existing data.

5. Document structure and delivery

The document is structured following the main areas a technician can identify when getting

incidents/requests from our customers:

- Web Console Errors

- Agent Errors

- Error Installing / Uninstalling protection

- Error Installing / Uninstalling agent

- Product not updated or upgraded

- BSOD

- Adaptive Defense issues

- Errors in AV permanent protection, error scanning

- Firewall errors, navigation or net resource lost

- Resource consumption

- Third party software

- Panda support tools

As previously said, not all of the scenarios are covered. This is a live document, so, any change

will also be included so that the guide is tentatively maintained updated at all times.

Each section includes the most useful instructions or procedures that need to be taken into

account when troubleshooting the referred problems.

Additionally, an appendix has been added to detail further hints on how to use the main

support tools.

Although the first version of this document is delivered in docx/pdf format, the idea is to publish

the troubleshooting guide in a web format available on the Panda Support Webpage and thus

easily improved and continuously enriched without the need to resend the changes to the

technician that makes use of it.

6. Accessing Panda products: IDP/Panda account

Panda corporate cloud products delegate credential management to an identity provider

(IDP), a centralized application responsible for managing user identity. This means that with a

single Panda account, the network administrator will have secure and simple access to all

contracted Panda products.

Check the Getting started process flowchart to help you troubleshoot the most common

scenarios.

Key Concepts & Frequently Asked Questions

What is the welcome email for?

Welcome email gives the chance to create the Panda Account, not to activate it. Welcome

Email can be resent from Panda Support local team.

What is the “cool user”?

The “cool user” is the first email address/password combination once activated. It is displayed as

the "default user" and cannot be modified or removed.

Can I use the same email address to create different Panda Accounts?

No, once an email address is used to create an account you will NOT be able to use the same

email address to create a different Panda Account.

This situation is different in the “Aether platform”, but as said, this document focuses on the

“traditional platform”, not on the Aether one.

So, basically, to access the console, an activated email address/password

combination is required?

Correct. If the account was created but not activated, you will not be able to access the

console.

How can I activate my Panda account?

You can activate your Panda account from the activation email that was sent automatically

when you created the email account.

If you lost/deleted the email, you can force the activation email to be resent from the password

reminder: https://accounts.pandasecurity.com/Web/Account/ResetPassword

Is the Panda Account linked to the customer's product assets?

Yes, it is.

I have the services Panda Endpoint Protection and Panda Systems Management.

However, when logging with one of my users, it only grants me access to one of them.

A user created within the Panda Endpoint Protection console (or Adaptive Defense) will only

have access to this product. If you want that user to have Access to Systems Management as

well, you will need to create the user inside the other services.

What can I do if i do not receive the activation mail to set up my password for my user?

The activation mail and the password reminder mail are the same. You can force to be resent

again in the same way, by going to www.pandacloudsecurity.com and clicking on I forgot my

password.

If the customer does not receive the email yet, the mail exchanger for that particular customer

domain might be blocking, rejecting or deleting our mails. Customer will need to talk to the mail

exchanger administrator in order to whitelist emails coming from no-reply@pandasecurity.com.

7. Errors upon using Panda Products - Troubleshooting

This section includes the most common scenarios that could be found when working with the

mentioned Panda products. It is presented as a decision tree, ending either in a proposed

solution or in data collection to get it escalated to the Panda upper layer of support.

Web Console Errors

1- Error Loading the website – Panda administration console

a. Error 400, 404 or similar:

i. Check if you can log in from your own machine / environment / console

1. If you cannot log in, escalate the case and describe the tests you

have carried out.

2. If it only occurs at the customer’s environment:

a. Try to load other websites.

b. Check with other Internet browsers.

If the problem persists, escalate the case.

b. Browser presents the following information: Service Unavailable - Zero size object

The server is temporarily unable to service your request. Please try again later

Normally this error happens when you login/logout many times with different accounts and a

cookie freezes in the process. Clean the cookies of your browser and try again.

2- Error with customer´s credentials

a. Check the credentials in your computer.

i. We can log in:

1. Check with the customer the credentials (wrong character or

number).

2. Send a mail with the correct credentials.

3. Clean Internet browser cache.

4. Clean temporary Internet files.

ii. We cannot log in:

1. Request customer´s information (credentials).

2. Contact to Support in order to open a ticket

For the rest of the cases, and before escalating the case, please check you have included the

following information to the escalated ticket:

Issue description. Screenshots of the error / visual error.

Steps to reproduce it. Ideally, a video will be very helpful.

Credentials of the web console.

Agent Errors – General errors

1- Agent is not upgraded to the latest version. You have endpoints with a newer agent

version but the one under analysis is not in the latest one.

a. Check to force the agent upgrade, by using the Agent Upgrade Force tool, in the

Tools section of the PSInfo.

See appendix for further details.

2- Error code 3369 in the Windows event viewer

It is a warning. The MD5 does not match the MD5 of the catalog which shows the agent

which version corresponds to its account/settings. The agent downloaded a file to

update the signature but the MD5 locally does not match the MD5 that you can see in

the update catalog. Check if the customer has a firewall or proxy.

i. Check if the customer has a proxy or firewall

1. Whitelist Panda URLs into the customer´s firewall / proxy

2. Whitelist Panda files if customer has enabled a content filter

protection into his network

ii. Check the required ports (see appendix for more details):

1. TCP 18226

2. UDP 21226

Those mentioned points correspond to the Panda general requirements.

3- The local configuration settings are different from the profile in the Web Console

a. Do a sync from the endpoint from the endpoint.

Should the issue persist, use the Force Sync tool within PSInfo.

b. Uninstall the Endpoint Agent from the Control Panel – Add or Remove Programs.

c. Uninstall Endpoint Protection from Control Panel – Add or Remove Programs.

d. Download the install package from the web console and install it again.

If the issue still persists, please include the following information to the escalated ticket:

Issue description

Enable log files to maximum detail level. You can activate the logs using the PSinfo

associated tool Enable/Disable Advanced logs and follow the instructions the tool

suggests.

PSInfo. See appendix.

Error Installing / Uninstalling agent

1- Error Installing Endpoint Agent – Legacy/Traditional platform

a. Check the minimum requirements:

i. Windows

ii. Linux

iii. OSX

b. Check the user has Admin privileges.

c. Check the error code:

i. 1289 error code. This code is normally related to the licensing system.

1. Check the free licenses in the Web Console.

2. Check the excluded computers.

a. Delete the excluded computers to increase your licenses.

ii. 5000 error code. This code refers to connectivity problems.

1. Check required URLs. As a hint, you can use the URL Checker

included in the PSInfo tool.

a. If you get an error message in the URLChecker tool, it is very

likely that the mentioned URL is blocked. Check it with the

network administrator.

b. If you get a warning message in the URLChecker tool even

if the result seems to be OK, it is very likely that there is a

proxy in the middle of the communication between the

endpoint and the Panda servers intercepting the data

exchange. Thus, check it with the network administrator.

iii. 3365 error code

This error means that we are uploading a new catalog. You have to wait for the

cloud to sync the new catalog, so we recommend to wait 20 minutes.

d. Error extracting files:

1. Check %temp% folder permission. If not available, grant write

permission to this folder.

e. The installation wizard finishes without an error:

i. Execute Panda Cloud Cleaner, as in some cases, it can be an indication

of a potential infection. Panda Cloud Cleaner is available in the PSInfo.

f. Error uninstalling Endpoint Agent:

i. Run the generic uninstaller

1. You can find it in the PSInfo tool

2. Reboot

2- Error Installing Endpoint Agent – Aether platform

a. Check the minimum requirements:

i. Windows

ii. Linux

iii. OSX

b. Check the user has Admin privileges.

c. Check the error code:

i. 1359 error code. This code is normally related to net error.

1. Check that computer has connectivity.

ii. 1392 error code. This code refers to download problems.

1. Check required URLs. As a hint, you can use the URL Checker

included in the PSInfo tool.

a. If you get an error message in the URLChecker tool, it is very

likely that the mentioned URL is blocked. Check it with the

network administrator.

b. If you get a warning message in the URLChecker tool even

if the result seems to be OK, it is very likely that there is a

proxy in the middle of the communication between the

end-point and the Panda servers intercepting the data

exchange. Thus, check it with the network administrator.

d. Error extracting files:

1. Check %temp% folder permission. If not available, grant write

permission to this folder.

e. Error uninstalling Endpoint Agent:

i. Run the generic uninstaller

If the issue still persists, please include the following information to the escalated ticket:

Issue description.

PSInfo. See appendix.

Error Installing / Uninstalling protection

1- Error installing Endpoint Protection

a. Check requirements:

i. Windows

ii. Linux

iii. OSX

b. Check the user has Admin privileges.

c. Check the error code:

i. 2093 error code

1. Please use PSInfo

ii. 2081 error or 2123 error code

1. Check this article and learn how to fix 2081 error code.

2. Check the following option has been enabled:

d. Error uninstalling Endpoint Protection

i. Run the generic uninstaller, available in the PSInfo Tools section.

If the issue still persists, please include the following information to the escalated ticket:

Issue description.

PSInfo. See appendix.

Product not updated or upgraded

1- Signature files not updated

a. Check if the issue is present in one or more machines:

i. Check the customer´s licenses.

ii. Check the customer´s network.

1. Proxy

2. Firewall

3. …

iii. Open PSInfo and use the internal tool to test our URLs

b. Check in the Web console if everything is correctly configured.

c. If the signature file date in the console is 1-1-1990 or “not available”, try the

1990FIX tool of the PSInfo:

d. If the machine has not Internet access, use URLChecker in the

WaProxy/centralized server machine.

e. Check our internal communication ports are allowed ( See appendix for more

details):

i. TCP port 18226

ii. UDP port 21226

e. Force a Sync from the endpoint.

Should the issue persist, use the Force Sync tool within PSInfo.

2- Product is not upgraded. Box shows a red cross in the console.

a. Check if the agent is not upgrading. See “Agent errors”.

b. Check upgrade is enabled in the Web console.

c. Check customer´s network.

i. Proxy

ii. Firewall

iii. Use URLChecker of the PSInfo.

d. If the machine has not Internet access, upgrade is not possible.

e. Check our internal communication ports are allowed (see appendix for more

details):

i. TCP port 18226

ii. UDP port 21226

If the issue persists, please include the following information to the escalated ticket:

Describe the issue.

Enable log files to maximum detail level. You can activate the logs using the PSinfo

associated tool Enable/Disable Advanced logs.

Describe customer´s network ( proxy, firewall, …)

BSOD

1- Identify the problem.

a. Ask the customer if the name of the driver is displayed. Ideally, get a screenshot

(or a picture taken from a mobile phone) of the screen.

2- Check the customer has the latest Product version installed.

3- If the customer can “easily” reproduce the BSOD, try to narrow down what module of

the Panda protection is generating the problem.

a. Uninstall our Product and check if issue is fixed.

b. Access the local administration console at the end-point. Start disabling each of

the protections.

c. Alternatively, from the web console, move the box to different profiles/group that

have different settings, based on the protection module

i. AV only

ii. AV + firewall

iii. AV + Advanced protection

iv. Advanced protection only

4- Check what the customer was doing before checking the DMP file. Review in the

EventViewer whether other software updates that have been taken place recently to

narrow down the potential implication of our solution.

a. Check the video card has the latest driver installed.

b. Check the mainboard ´s chipsets are updated.

If issue persists, please include the following information to the escalated ticket:

Issue description. Can the BSOD be reproduced systematically? Which module is

affected?

PSInfo. See appendix.

Full DMP File. Please check the appendix in order to know how to obtain a full dump file.

Advanced Protection issues

The following step applies to the following situations:

1- Resource consumption or machine slowdown.

2- Error in the advanced protection.

3- Third party software incompatibility or binary is being blocked.

Open the Advanced Protection Local Configurator to enable or disable this feature.

i. If after disabling this feature the issue no longer exists:

1. Enable the setting again and reproduce the issue taking traces

with PSErrortrace (see appendix about the use of this tool).

2. Take a PSInfo.

3. In case the problem is caused in the interaction with a 3rd party

tool, provide, if possible, a copy of the software with the steps for

reproduction.

If issue persists, please include the following information to the escalated ticket:

Issue description.

Enable log files to maximum detail level. You can activate the logs using the PSinfo

associated tool Enable/Disable Advanced logs.

Collect the PSinfo.

PSErrorTrace as mentioned in the previous point.

In case the problem is caused in the interaction with a 3rd party tool, provide, if possible,

a copy of the software with the steps for reproduction.

Errors in AV permanent protection, error scanning

1- Error in the product antivirus, potentially caused by an incorrect installation or upgrade

a. Uninstall Endpoint Agent.

b. Uninstall Endpoint Protection.

c. Download the install package from web console and install

it again.

2- Potential infection

a. Execute Panda Cloud Cleaner if you have the suspicion that the box could be

infected.

3- Operating System interaction

a. Execute Windows Update to ensure the box is updated.

4- Protection error icon in the Web Console

a. Ask the customer to force a communication between the agent and the Web

console, from the endpoint, or if the problem persists, with the Force Sync option

of the PSInfo

b. Uninstall Endpoint Agent and install it again.

5- Error scanning

a. Check if you can see an error code.

i. Take a picture of the error.

b. Check if the issue is random or not.

c. Check if it always crashes in the same file / folder.

i. If it is a temporally file, delete it.

d. Check if it is the latest product version.

e. Random issue

i. Run a disk defrag.

ii. Run chkdsk.

iii. Run scandisk.

iv. Check the machine is updated (Windows update).

6- General problem with the file protection

To determine the affected module, please follow this procedure:

Open a new cmd window as administrator permissions and type:

o Sc stop nanoservicemain

Check if issue is fixed and give us feedback

o Sc start nanoservicemain

o Sc stop psinaflt

Check if issue is fixed

o Sc stop psinfile

Check if issue is fixed

o Sc stop psinprot

Check if issue is fixed

If the issue persists, please include the following information to the escalated ticket:

Issue description

PSInfo. See appendix.

Affected module.

PSErrortrace. See appendix.

Firewall errors, navigation or net resource lost, network performance lost

1- Error firewall protection

a. Error in the local interface (error or red cross when you open the local interface).

i. Check Windows firewall. If enabled, disable it.

ii. Check other firewall software. If enabled, disable it.

iii. Check the Endpoint Protection. As suggested in any other error, install the

latest version if possible.

2- Lost Internet connection or shared folder access

a. Lost network access.

i. Check the Endpoint Protection. As suggested in any other error, install the

latest version if possible.

ii. Report the ticket with the info requested. NNSDiag is necessary (see

appendix for additional information)

iii. Windows key + R and write cmd.

1. Execute this command: netsh winsock reset

3- Lost connection with third party software

a. Check how is the Panda Firewall managed.

i. Web Console

1. Add a new rule for that software.

2. Sync locally to apply the new rule.

ii. Local host

1. Check firewall settings.

a. Restore the rules.

4- For any generic issue related to our firewall, follow this procedure to identify the affected

module:

Open a new cmd window as administrator permissions and type:

o Sc stop nnsprv

Check if issue is fixed

o Sc stop nnsstrm

Check if issue is fixed

If issue is fixed:

Sc stop nnshttp

Sc stop nnshttps

Sc stop pop3

Sc stop smtp

o Sc stop nnsprot

Check if issue is fixed

o Sc stop nnsids

Check if issue is fixed

The affected module information is very relevant to the Panda Support team.

If issue still persists, please include the following information to the escalated ticket:

Issue description

PSInfo. See appendix.

Affected module.

NNSDiag. See appendix.

Customer´s network description.

Resource consumption

1- Check the customer has got the latest Endpoint version installed.

2- Ensure that the issue is caused by our product.

a. Start – Run (Windows key + R) and write services.msc

b. Stop our services:

i. Panda Cloud Office Protection Service

ii. Panda Endpoint Administration Agent

iii. Panda Product Service

c. If the issue is reproduced with our services stopped:

i. Uninstall the product to make sure the issue is not related to our product.

3- After stopping Panda Cloud Office Protection Service, the issue is fixed. Then:

a. Go to web console and select the profile used in the machine with the issue.

i. Uncheck this option

ii. Uncheck compressed files

b. Add exclusions

i. extension

ii. folder

iii. files

4- Use the PCOP_protectionerror tool to know what technology is causing the issue:

a. File protection

i. Stop each driver to find the one causing the issue.

b. Firewall

i. Stop each drivers to find the one causing the issue.

5- Problem only occurs in one machine.

a. Uninstall Endpoint Agent.

b. Uninstall Endpoint Protection.

c. Download the install package from the web console and install it again.

6- Follow the steps for determining the affected module (see section related to AV

Permanent Protection and Firewall errors), by starting/stopping the key product

processes.

If the issue still persists, please include the following information to the escalated ticket:

Issue description.

PSInfo. See appendix.

PSErrortrace if the issue is related to Panda Cloud Office Protection Service. See

appendix.

Process that is generating the issue (if possible).

NNSDiag if the issue is related to our Firewall Technology. See appendix.

Full dump of the process which is taking resources. Here you have more details. In XP, use

Process Explorer

Third party software – blocked files

1- Our product detects a file as malware or suspicious:

a. Refer to section How to deal with malware detections in this document.

b. Check the web console

c. Restore the file if the customer confirms that it is not malware.

d. Check in our test machine / test environment if the file is detected.

i. Sample is detected.

1. Escalate the case to Panda Security so it can be escalated to the

Lab (zip password protected).

2. Picture of the detection.

ii. Sample is not detected.

1. Issue fixed in the signature files.

2- Our product blocks third party software. There is a block in the console.

When an unknown file is blocked by the Advanced Protection, it will be shown in the

console under the Currently blocked items being classified.

These files will remain there until PandaLabs classifies them as Goodware, Malware or

PUP.

a. Customer cannot find it: ask him to check the History section, to see if it has been

Reclassified as goodware.

b. Customer considers it as goodware and needs it urgently (cannot wait for

PandaLabs). Customer can unlock the file from the console.

3- Our product blocks third party software at the end-point. There is NO block in the console

a. The file is clearly goodware. In this scenario, check if the end-point communicates

with our Panda servers, with the CheckURL tool of the PSInfo.

b. The file is unknown/malware

i. Check if the end-point communicates with our Panda servers, with the

CheckURL tool of the PSinfo.

ii. An additional hint is to get many cumulated files stored in

ProgramData\Panda Security\Panda Security Protection\SRFRepository

How to deal with malware detections with Adaptive Defense/Adaptive Defense

360

When an Adaptive Defense/Adaptive Defense 360 reports a malware issue, you are likely to

come across either of these two scenarios:

Endpoint computer infected

Incorrect detection or block

Check either one to know the steps to follow.

Scenario 1 - Endpoint Computer Infected

Step 1 – Verify the mode

First of all, make sure the endpoint computer is not in audit mode, otherwise, it would be

logical to become infected, as audit mode only informs about malware events.

Step 2 - Information collection

Once the audit mode has been discarded, collect the following information from the

customer:

Customer account number and name

important! Do not open a case with a generic account or a reseller account. You

must include the end user account number of the infected customer.

Computer name

Estimated date of infection

Source of the infection:

o Spam with malicious attachment. If so, please attach suspicious email.

o On accessing a website

o Source unknown; the customer only noticed his files were infected.

PSInfo

Scenario 2 - incorrect detection or block

Step 1 - information collection

Customer account number and name

Computer name

Export of the report from the endpoint antivirus.

Please note that the Adaptive Defense products have no GUI (graphical user

interface) so there is no local report. In this case please specify the approximate date

and time of the incorrect detection.

PSInfo

8. Appendix

This appendix includes the tools and procedures to use them that could assist in the

troubleshooting process.

PSInfo

PSinfo is the key tool to collect Panda Support related information and it is mandatory for any

escalated case to the Panda organization.

PSinfo can be launched manually, after downloading it from the Panda servers, here.

Moreover, PSinfo is automatically collected from the affected endpoint when reporting a case

to Panda using the Report a problem with this computer option in the console.

The following link explains in detail how to open a ticket with Panda, from the console: How can

you open a ticket?

What’s more, PSInfo includes some basic troubleshooting tools that are commonly used when

dealing with problems. Some of those tools are referred in this document.

URLs

Which URLs are necessary for the product to work correctly? Check this support page.

If a customer has a device to secure the files downloaded from internet, please whitelist all

downloaded files from Panda Security. For example, Panda Endpoint Agent downloads catalog

files in zip format.

Check ports

Panda Security’s products use TCP port 18226 and UDP port 21226. Those ports are used to

establish communication with other Endpoint Agents. If you need to check if the

communication is fine, please do this:

- Windows key + R

- Write cmd and press the Enter key

- telnet destinationmachinename 18226

- telnet destinationmachineipaddress 18226

With this, you can check if the port is denied or allowed.

PSErrorTrace

PSErrorTrace tool gathers useful information to diagnose and study Endpoint Protection issues

related to the installation, scan or compatibility with third-party software.

Follow the steps below:

1. Download PsErrorTrace.exe and run the file with elevated privileges.

2. Click the Start button.

3. Choose the type of operation you were doing when you encountered the problem

(installing, activating, opening a program, scanning, etc.) and click Continue.

4. Fill in your email address and description of the problem and click Continue.

5. Now, you will be asked to replicate the issue you had encountered (scan stuck,

failed installation, etc.). When you are ready to do so, click Start.

6. Once you are able to replicate the problem and when the button is no longer

greyed out, click Finish.

7. Choose Exit and click Yes to save the report PsErrorTrace.psinfo to your computer.

8. Finally, send the PsErrorTrace.psinfo file to Support.

Advanced Protection Local Configurator

The panda_adaptivedefense360.exe tool checks the product configuration and allows to carry

out changes in the advanced protection locally. This allows determining if the issue is being

caused by the advanced protection or narrowing down with which configuration the issue is

occurring.

The tool verifies the correct product is installed and checks the service is running.

NNSDiag

NNSDiag gathers useful information to diagnose issues related to the Endpoint Firewall

technologies.

In order to narrow down the problem and offer a solution, we need to collect and study certain

data. Please follow the steps below:

1. Download and run nnsdiag.exe.

2. Follow the steps indicated in the wizard.

3. It is important NOT TO restart your computer during these tests.

4. Once the process finishes, the tool save the data collected. Provide TechSupport the

resulting NNSDiagResults.zip file.

Enable/disable settings modules

In the local interface, we can temporarily allow a local administration panel to help us find

where the problem is. To enable this local administration panel, follow the steps below:

1. Go to the Web console and choose the profile affected by the issue.

2. Go to the Windows and Linux option and click on Advanced settings tab.

3. Access the Administration password option and enable it.

4. Then, go to the local machine and do a sync from the endpoint or by using the Force

sync tool within PSInfo.

5. Open the local interface and click on Administrator Panel.

6. Write the password set and click on log in. There you could enable or disable the

modules in order to find which is causing the issue.

7. When you log out, you could set how long to keep the changes.

How to generate a post-mortem memory dump (BSODs)

Follow the steps below to automatically generate a post-mortem memory dump that records

information about errors.

1. Download and install the Microsoft Debugging Tools for Windows:

http://msdn.microsoft.com/windows/hardware/hh852363

2. Follow the steps below to establish WinDBg as the default debugger:

1. Open the MS-DOS Prompt window. To do this, go to Start -> Run, type cmd and

click OK.

2. Go to the WinDBg installation directory.

To do this, type the commands below and press Enter after every command:

cd\

cd “Program Files”

cd Windows Kits

cd 8.0

cd Debuggers

cd x86 (if you have 32-bit OS) or cd x64 (if you have 64-bit OS)

Windbg –I

WinDbg -I

Note: ‘I’ is capital ‘i’.

3. Create a folder called Panda in the C:\ drive to store the dump file (C:\Panda).

From now onwards, whenever an error message is displayed, the WinDBg window

below will be displayed:

4. At the bottom of the window, where 0: 000> is indicated, enter the following

command:

.dump /ma C:\Panda\Panda.dmp

If the dump is correctly generated, the message ‘Dump successfully written’ will

be displayed at the bottom of the screen.

Once these steps are completed, a file called Panda.dmp will automatically be

generated in the C:\Panda directory.

5. Compress the dmp result and send us to analyze it.

List of generic EPP errors

The following webpages include the list of the most common errors you could find when working

with EP/EPP and Adaptive Defense:

https://www.pandasecurity.com/support/card?id=50032