Upload
others
View
11
Download
0
Embed Size (px)
Citation preview
1. Introduction ............................................................................................................................................. 3
2. Scope ....................................................................................................................................................... 3
3. Audience ................................................................................................................................................. 4
4. Prerequisites and recommendations ................................................................................................. 4
5. Document structure and delivery ....................................................................................................... 5
6. Accessing Panda products: IDP/Panda account ........................................................................... 6
7. Errors upon using Panda Products - Troubleshooting ...................................................................... 8 Web Console Errors ....................................................................................................................................................... 8 Agent Errors – General errors ....................................................................................................................................... 9 Error Installing / Uninstalling agent ............................................................................................................................ 12 Error Installing / Uninstalling protection .................................................................................................................... 15 Product not updated or upgraded ......................................................................................................................... 16 BSOD .............................................................................................................................................................................. 21 Advanced Protection issues ...................................................................................................................................... 22 Errors in AV permanent protection, error scanning ............................................................................................... 24 Firewall errors, navigation or net resource lost, network performance lost ...................................................... 25 Resource consumption .............................................................................................................................................. 27 Third party software – blocked files .......................................................................................................................... 30 How to deal with malware detections with Adaptive Defense/Adaptive Defense 360 ............................... 32
8. Appendix ............................................................................................................................................... 34 PSInfo ............................................................................................................................................................................. 34 URLs ................................................................................................................................................................................ 35 Check ports .................................................................................................................................................................. 35 PSErrorTrace .................................................................................................................................................................. 35 Advanced Protection Local Configurator.............................................................................................................. 36 NNSDiag ........................................................................................................................................................................ 36 Enable/disable settings modules .............................................................................................................................. 36 How to generate a post-mortem memory dump (BSODs) .................................................................................. 38 List of generic EPP errors ............................................................................................................................................. 40
1. Introduction
This troubleshooting guide aims at helping the technician provide a first line of support when
dealing with customers’ queries.
This document applies to the following products on both the “Traditional” platform and the new
Aether platform:
- Endpoint Protection
- Endpoint Protection Plus
- Adaptive Defense
- Adaptive Defense 360
The reason of having a single document for different products is the fact that their core
technologies are shared. Moreover, an improvement in a solution or shared technology of one
product will be applied across the rest of the products. However, please note that some sections
may be specific to certain products.
In addition to this, those products are released in two different platforms: the “traditional” one
and the new 2018 Aether platform1. The core of the products, the protection, is common to
both. However, the agent and some cloud components differ. The specific sections are clearly
separated in the document.
2. Scope
The scope or aim of the document is not to cover 100% of the scenarios, which is not feasible,
but to address the most known and usual situations that our customers could be facing. Most of
the presented cases result either in a solution or in an information request that requires to be
escalated to upper support layers for further analysis and resolution.
1 Aether platform is fairly new in Panda so Support tools and tips are not yet as developed as in
the traditional platform. New updated versions of this document will be including new supported
scenarios.
3. Audience
The expected audience of this document is any technician facing customers’ queries via
telephone call, email, chat, etc. In other words, any technician providing Tier 1 support. The
suggested tools and procedures are standard for anyone providing technical support to a
corporate user.
4. Prerequisites and recommendations
Even if the document is intended to be a guide to be easily followed, there are some
prerequisites that are highly recommended (if not mandatory) before you start using it. Among
others, these would be the most relevant ones:
Ensure you have read the product documentation (advanced guide/manual; online
help).
Complete an overview of the product via web access before and during the
troubleshooting process.
Work, whenever possible, with the latest version of the product and recommend the
customer to upgrade, as it normally includes fixes to bugs existing in previous versions.
However, before migrating the whole account, it is advisable to test the new
agent/protection in one of the faulty boxes to ensure that it fixes the problem.
The objective is always to minimize the impact at the customer’s business. Thus, it can be
understood that in some circumstances, the technician might apply workaround actions
(rollback, temporarily disabling some of the faulty technologies, uninstalling, etc.) without
being able to collect all the required information. In those exceptional situations, Panda
Support will do their best to work with the existing data.
5. Document structure and delivery
The document is structured following the main areas a technician can identify when getting
incidents/requests from our customers:
- Web Console Errors
- Agent Errors
- Error Installing / Uninstalling protection
- Error Installing / Uninstalling agent
- Product not updated or upgraded
- BSOD
- Adaptive Defense issues
- Errors in AV permanent protection, error scanning
- Firewall errors, navigation or net resource lost
- Resource consumption
- Third party software
- Panda support tools
As previously said, not all of the scenarios are covered. This is a live document, so, any change
will also be included so that the guide is tentatively maintained updated at all times.
Each section includes the most useful instructions or procedures that need to be taken into
account when troubleshooting the referred problems.
Additionally, an appendix has been added to detail further hints on how to use the main
support tools.
Although the first version of this document is delivered in docx/pdf format, the idea is to publish
the troubleshooting guide in a web format available on the Panda Support Webpage and thus
easily improved and continuously enriched without the need to resend the changes to the
technician that makes use of it.
6. Accessing Panda products: IDP/Panda account
Panda corporate cloud products delegate credential management to an identity provider
(IDP), a centralized application responsible for managing user identity. This means that with a
single Panda account, the network administrator will have secure and simple access to all
contracted Panda products.
Check the Getting started process flowchart to help you troubleshoot the most common
scenarios.
Key Concepts & Frequently Asked Questions
What is the welcome email for?
Welcome email gives the chance to create the Panda Account, not to activate it. Welcome
Email can be resent from Panda Support local team.
What is the “cool user”?
The “cool user” is the first email address/password combination once activated. It is displayed as
the "default user" and cannot be modified or removed.
Can I use the same email address to create different Panda Accounts?
No, once an email address is used to create an account you will NOT be able to use the same
email address to create a different Panda Account.
This situation is different in the “Aether platform”, but as said, this document focuses on the
“traditional platform”, not on the Aether one.
So, basically, to access the console, an activated email address/password
combination is required?
Correct. If the account was created but not activated, you will not be able to access the
console.
How can I activate my Panda account?
You can activate your Panda account from the activation email that was sent automatically
when you created the email account.
If you lost/deleted the email, you can force the activation email to be resent from the password
reminder: https://accounts.pandasecurity.com/Web/Account/ResetPassword
Is the Panda Account linked to the customer's product assets?
Yes, it is.
I have the services Panda Endpoint Protection and Panda Systems Management.
However, when logging with one of my users, it only grants me access to one of them.
A user created within the Panda Endpoint Protection console (or Adaptive Defense) will only
have access to this product. If you want that user to have Access to Systems Management as
well, you will need to create the user inside the other services.
What can I do if i do not receive the activation mail to set up my password for my user?
The activation mail and the password reminder mail are the same. You can force to be resent
again in the same way, by going to www.pandacloudsecurity.com and clicking on I forgot my
password.
If the customer does not receive the email yet, the mail exchanger for that particular customer
domain might be blocking, rejecting or deleting our mails. Customer will need to talk to the mail
exchanger administrator in order to whitelist emails coming from [email protected].
7. Errors upon using Panda Products - Troubleshooting
This section includes the most common scenarios that could be found when working with the
mentioned Panda products. It is presented as a decision tree, ending either in a proposed
solution or in data collection to get it escalated to the Panda upper layer of support.
Web Console Errors
1- Error Loading the website – Panda administration console
a. Error 400, 404 or similar:
i. Check if you can log in from your own machine / environment / console
1. If you cannot log in, escalate the case and describe the tests you
have carried out.
2. If it only occurs at the customer’s environment:
a. Try to load other websites.
b. Check with other Internet browsers.
If the problem persists, escalate the case.
b. Browser presents the following information: Service Unavailable - Zero size object
The server is temporarily unable to service your request. Please try again later
Normally this error happens when you login/logout many times with different accounts and a
cookie freezes in the process. Clean the cookies of your browser and try again.
2- Error with customer´s credentials
a. Check the credentials in your computer.
i. We can log in:
1. Check with the customer the credentials (wrong character or
number).
2. Send a mail with the correct credentials.
3. Clean Internet browser cache.
4. Clean temporary Internet files.
ii. We cannot log in:
1. Request customer´s information (credentials).
2. Contact to Support in order to open a ticket
For the rest of the cases, and before escalating the case, please check you have included the
following information to the escalated ticket:
Issue description. Screenshots of the error / visual error.
Steps to reproduce it. Ideally, a video will be very helpful.
Credentials of the web console.
Agent Errors – General errors
1- Agent is not upgraded to the latest version. You have endpoints with a newer agent
version but the one under analysis is not in the latest one.
a. Check to force the agent upgrade, by using the Agent Upgrade Force tool, in the
Tools section of the PSInfo.
See appendix for further details.
2- Error code 3369 in the Windows event viewer
It is a warning. The MD5 does not match the MD5 of the catalog which shows the agent
which version corresponds to its account/settings. The agent downloaded a file to
update the signature but the MD5 locally does not match the MD5 that you can see in
the update catalog. Check if the customer has a firewall or proxy.
i. Check if the customer has a proxy or firewall
1. Whitelist Panda URLs into the customer´s firewall / proxy
2. Whitelist Panda files if customer has enabled a content filter
protection into his network
ii. Check the required ports (see appendix for more details):
1. TCP 18226
2. UDP 21226
Those mentioned points correspond to the Panda general requirements.
3- The local configuration settings are different from the profile in the Web Console
a. Do a sync from the endpoint from the endpoint.
Should the issue persist, use the Force Sync tool within PSInfo.
b. Uninstall the Endpoint Agent from the Control Panel – Add or Remove Programs.
c. Uninstall Endpoint Protection from Control Panel – Add or Remove Programs.
d. Download the install package from the web console and install it again.
If the issue still persists, please include the following information to the escalated ticket:
Issue description
Enable log files to maximum detail level. You can activate the logs using the PSinfo
associated tool Enable/Disable Advanced logs and follow the instructions the tool
suggests.
Error Installing / Uninstalling agent
1- Error Installing Endpoint Agent – Legacy/Traditional platform
a. Check the minimum requirements:
i. Windows
ii. Linux
iii. OSX
b. Check the user has Admin privileges.
c. Check the error code:
i. 1289 error code. This code is normally related to the licensing system.
1. Check the free licenses in the Web Console.
2. Check the excluded computers.
a. Delete the excluded computers to increase your licenses.
ii. 5000 error code. This code refers to connectivity problems.
1. Check required URLs. As a hint, you can use the URL Checker
included in the PSInfo tool.
a. If you get an error message in the URLChecker tool, it is very
likely that the mentioned URL is blocked. Check it with the
network administrator.
b. If you get a warning message in the URLChecker tool even
if the result seems to be OK, it is very likely that there is a
proxy in the middle of the communication between the
endpoint and the Panda servers intercepting the data
exchange. Thus, check it with the network administrator.
iii. 3365 error code
This error means that we are uploading a new catalog. You have to wait for the
cloud to sync the new catalog, so we recommend to wait 20 minutes.
d. Error extracting files:
1. Check %temp% folder permission. If not available, grant write
permission to this folder.
e. The installation wizard finishes without an error:
i. Execute Panda Cloud Cleaner, as in some cases, it can be an indication
of a potential infection. Panda Cloud Cleaner is available in the PSInfo.
f. Error uninstalling Endpoint Agent:
i. Run the generic uninstaller
1. You can find it in the PSInfo tool
2. Reboot
2- Error Installing Endpoint Agent – Aether platform
a. Check the minimum requirements:
i. Windows
ii. Linux
iii. OSX
b. Check the user has Admin privileges.
c. Check the error code:
i. 1359 error code. This code is normally related to net error.
1. Check that computer has connectivity.
ii. 1392 error code. This code refers to download problems.
1. Check required URLs. As a hint, you can use the URL Checker
included in the PSInfo tool.
a. If you get an error message in the URLChecker tool, it is very
likely that the mentioned URL is blocked. Check it with the
network administrator.
b. If you get a warning message in the URLChecker tool even
if the result seems to be OK, it is very likely that there is a
proxy in the middle of the communication between the
end-point and the Panda servers intercepting the data
exchange. Thus, check it with the network administrator.
d. Error extracting files:
1. Check %temp% folder permission. If not available, grant write
permission to this folder.
e. Error uninstalling Endpoint Agent:
i. Run the generic uninstaller
If the issue still persists, please include the following information to the escalated ticket:
Issue description.
PSInfo. See appendix.
Error Installing / Uninstalling protection
1- Error installing Endpoint Protection
a. Check requirements:
i. Windows
ii. Linux
iii. OSX
b. Check the user has Admin privileges.
c. Check the error code:
i. 2093 error code
1. Please use PSInfo
ii. 2081 error or 2123 error code
1. Check this article and learn how to fix 2081 error code.
2. Check the following option has been enabled:
d. Error uninstalling Endpoint Protection
i. Run the generic uninstaller, available in the PSInfo Tools section.
If the issue still persists, please include the following information to the escalated ticket:
Issue description.
PSInfo. See appendix.
Product not updated or upgraded
1- Signature files not updated
a. Check if the issue is present in one or more machines:
i. Check the customer´s licenses.
ii. Check the customer´s network.
1. Proxy
2. Firewall
3. …
iii. Open PSInfo and use the internal tool to test our URLs
b. Check in the Web console if everything is correctly configured.
c. If the signature file date in the console is 1-1-1990 or “not available”, try the
1990FIX tool of the PSInfo:
d. If the machine has not Internet access, use URLChecker in the
WaProxy/centralized server machine.
e. Check our internal communication ports are allowed ( See appendix for more
details):
i. TCP port 18226
ii. UDP port 21226
e. Force a Sync from the endpoint.
Should the issue persist, use the Force Sync tool within PSInfo.
2- Product is not upgraded. Box shows a red cross in the console.
a. Check if the agent is not upgrading. See “Agent errors”.
b. Check upgrade is enabled in the Web console.
c. Check customer´s network.
i. Proxy
ii. Firewall
iii. Use URLChecker of the PSInfo.
d. If the machine has not Internet access, upgrade is not possible.
e. Check our internal communication ports are allowed (see appendix for more
details):
i. TCP port 18226
ii. UDP port 21226
If the issue persists, please include the following information to the escalated ticket:
Describe the issue.
Enable log files to maximum detail level. You can activate the logs using the PSinfo
associated tool Enable/Disable Advanced logs.
Describe customer´s network ( proxy, firewall, …)
BSOD
1- Identify the problem.
a. Ask the customer if the name of the driver is displayed. Ideally, get a screenshot
(or a picture taken from a mobile phone) of the screen.
2- Check the customer has the latest Product version installed.
3- If the customer can “easily” reproduce the BSOD, try to narrow down what module of
the Panda protection is generating the problem.
a. Uninstall our Product and check if issue is fixed.
b. Access the local administration console at the end-point. Start disabling each of
the protections.
c. Alternatively, from the web console, move the box to different profiles/group that
have different settings, based on the protection module
i. AV only
ii. AV + firewall
iii. AV + Advanced protection
iv. Advanced protection only
4- Check what the customer was doing before checking the DMP file. Review in the
EventViewer whether other software updates that have been taken place recently to
narrow down the potential implication of our solution.
a. Check the video card has the latest driver installed.
b. Check the mainboard ´s chipsets are updated.
If issue persists, please include the following information to the escalated ticket:
Issue description. Can the BSOD be reproduced systematically? Which module is
affected?
PSInfo. See appendix.
Full DMP File. Please check the appendix in order to know how to obtain a full dump file.
Advanced Protection issues
The following step applies to the following situations:
1- Resource consumption or machine slowdown.
2- Error in the advanced protection.
3- Third party software incompatibility or binary is being blocked.
Open the Advanced Protection Local Configurator to enable or disable this feature.
i. If after disabling this feature the issue no longer exists:
1. Enable the setting again and reproduce the issue taking traces
with PSErrortrace (see appendix about the use of this tool).
2. Take a PSInfo.
3. In case the problem is caused in the interaction with a 3rd party
tool, provide, if possible, a copy of the software with the steps for
reproduction.
If issue persists, please include the following information to the escalated ticket:
Issue description.
Enable log files to maximum detail level. You can activate the logs using the PSinfo
associated tool Enable/Disable Advanced logs.
Collect the PSinfo.
PSErrorTrace as mentioned in the previous point.
In case the problem is caused in the interaction with a 3rd party tool, provide, if possible,
a copy of the software with the steps for reproduction.
Errors in AV permanent protection, error scanning
1- Error in the product antivirus, potentially caused by an incorrect installation or upgrade
a. Uninstall Endpoint Agent.
b. Uninstall Endpoint Protection.
c. Download the install package from web console and install
it again.
2- Potential infection
a. Execute Panda Cloud Cleaner if you have the suspicion that the box could be
infected.
3- Operating System interaction
a. Execute Windows Update to ensure the box is updated.
4- Protection error icon in the Web Console
a. Ask the customer to force a communication between the agent and the Web
console, from the endpoint, or if the problem persists, with the Force Sync option
of the PSInfo
b. Uninstall Endpoint Agent and install it again.
5- Error scanning
a. Check if you can see an error code.
i. Take a picture of the error.
b. Check if the issue is random or not.
c. Check if it always crashes in the same file / folder.
i. If it is a temporally file, delete it.
d. Check if it is the latest product version.
e. Random issue
i. Run a disk defrag.
ii. Run chkdsk.
iii. Run scandisk.
iv. Check the machine is updated (Windows update).
6- General problem with the file protection
To determine the affected module, please follow this procedure:
Open a new cmd window as administrator permissions and type:
o Sc stop nanoservicemain
Check if issue is fixed and give us feedback
o Sc start nanoservicemain
o Sc stop psinaflt
Check if issue is fixed
o Sc stop psinfile
Check if issue is fixed
o Sc stop psinprot
Check if issue is fixed
If the issue persists, please include the following information to the escalated ticket:
Issue description
PSInfo. See appendix.
Affected module.
PSErrortrace. See appendix.
Firewall errors, navigation or net resource lost, network performance lost
1- Error firewall protection
a. Error in the local interface (error or red cross when you open the local interface).
i. Check Windows firewall. If enabled, disable it.
ii. Check other firewall software. If enabled, disable it.
iii. Check the Endpoint Protection. As suggested in any other error, install the
latest version if possible.
2- Lost Internet connection or shared folder access
a. Lost network access.
i. Check the Endpoint Protection. As suggested in any other error, install the
latest version if possible.
ii. Report the ticket with the info requested. NNSDiag is necessary (see
appendix for additional information)
iii. Windows key + R and write cmd.
1. Execute this command: netsh winsock reset
3- Lost connection with third party software
a. Check how is the Panda Firewall managed.
i. Web Console
1. Add a new rule for that software.
2. Sync locally to apply the new rule.
ii. Local host
1. Check firewall settings.
a. Restore the rules.
4- For any generic issue related to our firewall, follow this procedure to identify the affected
module:
Open a new cmd window as administrator permissions and type:
o Sc stop nnsprv
Check if issue is fixed
o Sc stop nnsstrm
Check if issue is fixed
If issue is fixed:
Sc stop nnshttp
Sc stop nnshttps
Sc stop pop3
Sc stop smtp
o Sc stop nnsprot
Check if issue is fixed
o Sc stop nnsids
Check if issue is fixed
The affected module information is very relevant to the Panda Support team.
If issue still persists, please include the following information to the escalated ticket:
Issue description
PSInfo. See appendix.
Affected module.
NNSDiag. See appendix.
Customer´s network description.
Resource consumption
1- Check the customer has got the latest Endpoint version installed.
2- Ensure that the issue is caused by our product.
a. Start – Run (Windows key + R) and write services.msc
b. Stop our services:
i. Panda Cloud Office Protection Service
ii. Panda Endpoint Administration Agent
iii. Panda Product Service
c. If the issue is reproduced with our services stopped:
i. Uninstall the product to make sure the issue is not related to our product.
3- After stopping Panda Cloud Office Protection Service, the issue is fixed. Then:
a. Go to web console and select the profile used in the machine with the issue.
i. Uncheck this option
ii. Uncheck compressed files
b. Add exclusions
i. extension
ii. folder
iii. files
4- Use the PCOP_protectionerror tool to know what technology is causing the issue:
a. File protection
i. Stop each driver to find the one causing the issue.
b. Firewall
i. Stop each drivers to find the one causing the issue.
5- Problem only occurs in one machine.
a. Uninstall Endpoint Agent.
b. Uninstall Endpoint Protection.
c. Download the install package from the web console and install it again.
6- Follow the steps for determining the affected module (see section related to AV
Permanent Protection and Firewall errors), by starting/stopping the key product
processes.
If the issue still persists, please include the following information to the escalated ticket:
Issue description.
PSInfo. See appendix.
PSErrortrace if the issue is related to Panda Cloud Office Protection Service. See
appendix.
Process that is generating the issue (if possible).
NNSDiag if the issue is related to our Firewall Technology. See appendix.
Full dump of the process which is taking resources. Here you have more details. In XP, use
Process Explorer
Third party software – blocked files
1- Our product detects a file as malware or suspicious:
a. Refer to section How to deal with malware detections in this document.
b. Check the web console
c. Restore the file if the customer confirms that it is not malware.
d. Check in our test machine / test environment if the file is detected.
i. Sample is detected.
1. Escalate the case to Panda Security so it can be escalated to the
Lab (zip password protected).
2. Picture of the detection.
ii. Sample is not detected.
1. Issue fixed in the signature files.
2- Our product blocks third party software. There is a block in the console.
When an unknown file is blocked by the Advanced Protection, it will be shown in the
console under the Currently blocked items being classified.
These files will remain there until PandaLabs classifies them as Goodware, Malware or
PUP.
a. Customer cannot find it: ask him to check the History section, to see if it has been
Reclassified as goodware.
b. Customer considers it as goodware and needs it urgently (cannot wait for
PandaLabs). Customer can unlock the file from the console.
3- Our product blocks third party software at the end-point. There is NO block in the console
a. The file is clearly goodware. In this scenario, check if the end-point communicates
with our Panda servers, with the CheckURL tool of the PSInfo.
b. The file is unknown/malware
i. Check if the end-point communicates with our Panda servers, with the
CheckURL tool of the PSinfo.
ii. An additional hint is to get many cumulated files stored in
ProgramData\Panda Security\Panda Security Protection\SRFRepository
How to deal with malware detections with Adaptive Defense/Adaptive Defense
360
When an Adaptive Defense/Adaptive Defense 360 reports a malware issue, you are likely to
come across either of these two scenarios:
Endpoint computer infected
Incorrect detection or block
Check either one to know the steps to follow.
Scenario 1 - Endpoint Computer Infected
Step 1 – Verify the mode
First of all, make sure the endpoint computer is not in audit mode, otherwise, it would be
logical to become infected, as audit mode only informs about malware events.
Step 2 - Information collection
Once the audit mode has been discarded, collect the following information from the
customer:
Customer account number and name
important! Do not open a case with a generic account or a reseller account. You
must include the end user account number of the infected customer.
Computer name
Estimated date of infection
Source of the infection:
o Spam with malicious attachment. If so, please attach suspicious email.
o On accessing a website
o Source unknown; the customer only noticed his files were infected.
PSInfo
Scenario 2 - incorrect detection or block
Step 1 - information collection
Customer account number and name
Computer name
Export of the report from the endpoint antivirus.
Please note that the Adaptive Defense products have no GUI (graphical user
interface) so there is no local report. In this case please specify the approximate date
and time of the incorrect detection.
PSInfo
8. Appendix
This appendix includes the tools and procedures to use them that could assist in the
troubleshooting process.
PSInfo
PSinfo is the key tool to collect Panda Support related information and it is mandatory for any
escalated case to the Panda organization.
PSinfo can be launched manually, after downloading it from the Panda servers, here.
Moreover, PSinfo is automatically collected from the affected endpoint when reporting a case
to Panda using the Report a problem with this computer option in the console.
The following link explains in detail how to open a ticket with Panda, from the console: How can
you open a ticket?
What’s more, PSInfo includes some basic troubleshooting tools that are commonly used when
dealing with problems. Some of those tools are referred in this document.
URLs
Which URLs are necessary for the product to work correctly? Check this support page.
If a customer has a device to secure the files downloaded from internet, please whitelist all
downloaded files from Panda Security. For example, Panda Endpoint Agent downloads catalog
files in zip format.
Check ports
Panda Security’s products use TCP port 18226 and UDP port 21226. Those ports are used to
establish communication with other Endpoint Agents. If you need to check if the
communication is fine, please do this:
- Windows key + R
- Write cmd and press the Enter key
- telnet destinationmachinename 18226
- telnet destinationmachineipaddress 18226
With this, you can check if the port is denied or allowed.
PSErrorTrace
PSErrorTrace tool gathers useful information to diagnose and study Endpoint Protection issues
related to the installation, scan or compatibility with third-party software.
Follow the steps below:
1. Download PsErrorTrace.exe and run the file with elevated privileges.
2. Click the Start button.
3. Choose the type of operation you were doing when you encountered the problem
(installing, activating, opening a program, scanning, etc.) and click Continue.
4. Fill in your email address and description of the problem and click Continue.
5. Now, you will be asked to replicate the issue you had encountered (scan stuck,
failed installation, etc.). When you are ready to do so, click Start.
6. Once you are able to replicate the problem and when the button is no longer
greyed out, click Finish.
7. Choose Exit and click Yes to save the report PsErrorTrace.psinfo to your computer.
8. Finally, send the PsErrorTrace.psinfo file to Support.
Advanced Protection Local Configurator
The panda_adaptivedefense360.exe tool checks the product configuration and allows to carry
out changes in the advanced protection locally. This allows determining if the issue is being
caused by the advanced protection or narrowing down with which configuration the issue is
occurring.
The tool verifies the correct product is installed and checks the service is running.
NNSDiag
NNSDiag gathers useful information to diagnose issues related to the Endpoint Firewall
technologies.
In order to narrow down the problem and offer a solution, we need to collect and study certain
data. Please follow the steps below:
1. Download and run nnsdiag.exe.
2. Follow the steps indicated in the wizard.
3. It is important NOT TO restart your computer during these tests.
4. Once the process finishes, the tool save the data collected. Provide TechSupport the
resulting NNSDiagResults.zip file.
Enable/disable settings modules
In the local interface, we can temporarily allow a local administration panel to help us find
where the problem is. To enable this local administration panel, follow the steps below:
1. Go to the Web console and choose the profile affected by the issue.
2. Go to the Windows and Linux option and click on Advanced settings tab.
3. Access the Administration password option and enable it.
4. Then, go to the local machine and do a sync from the endpoint or by using the Force
sync tool within PSInfo.
5. Open the local interface and click on Administrator Panel.
6. Write the password set and click on log in. There you could enable or disable the
modules in order to find which is causing the issue.
7. When you log out, you could set how long to keep the changes.
How to generate a post-mortem memory dump (BSODs)
Follow the steps below to automatically generate a post-mortem memory dump that records
information about errors.
1. Download and install the Microsoft Debugging Tools for Windows:
http://msdn.microsoft.com/windows/hardware/hh852363
2. Follow the steps below to establish WinDBg as the default debugger:
1. Open the MS-DOS Prompt window. To do this, go to Start -> Run, type cmd and
click OK.
2. Go to the WinDBg installation directory.
To do this, type the commands below and press Enter after every command:
cd\
cd “Program Files”
cd Windows Kits
cd 8.0
cd Debuggers
cd x86 (if you have 32-bit OS) or cd x64 (if you have 64-bit OS)
Windbg –I
WinDbg -I
Note: ‘I’ is capital ‘i’.
3. Create a folder called Panda in the C:\ drive to store the dump file (C:\Panda).
From now onwards, whenever an error message is displayed, the WinDBg window
below will be displayed:
4. At the bottom of the window, where 0: 000> is indicated, enter the following
command:
.dump /ma C:\Panda\Panda.dmp
If the dump is correctly generated, the message ‘Dump successfully written’ will
be displayed at the bottom of the screen.
Once these steps are completed, a file called Panda.dmp will automatically be
generated in the C:\Panda directory.
5. Compress the dmp result and send us to analyze it.
List of generic EPP errors
The following webpages include the list of the most common errors you could find when working
with EP/EPP and Adaptive Defense:
https://www.pandasecurity.com/support/card?id=50032