Collecting Logs in the GUI tool (CPInfoUI.exe)

You can use the CPInfoUI GUI tool to collect CPinfo logs from the Endpoint Security Client.

  1. On the Windows endpoint computer, navigate to %dadir%\cpinfo.

  2. Double-click cpinfoUI.exe.

    The GUI tool opens.

  3. Starting from E85.10, you must:

    1. Open the LOG PASSWORD tab.

    2. Enter the Endpoint Security Uninstall Password.

    3. Click Submit.

  4. Open the LOG CONFIG tab.

  5. Select logs to collect. The default configuration is the same as the last time you clicked Apply.

    1. Optional - To un-select all logs, click RESET.

    2. To the right of a type of log you want to collect, click this icon:

      A list of checkboxes opens.

    3. Select the logs to collect.

    Note - You can only collect logs for blades that are installed.

  6. Click Apply.

  7. If a popup window tells you to restart your computer, then restart your computer.

  8. Replicate the problem or follow instructions from Check Point Support.

  9. Click Apply this configuration.

Note - To collect logs in the legacy CPinfo tool, see sk90445.

  1. Open the Log Collect tab.

  2. Optional - Configure optional configurations.

    Menu Option

    Description

    Default Configuration

    Optional Configuration

    Beginning Date

    The earliest date for which to collect logs.

    CPInfo collects logs starting from the date of the previous time you collected logs. If this is the first time that you collect logs, CPInfo collects logs starting from the date when you installed the client.

    Enter a date in the format dd/mm/yy.

    FTP Upload Sharing

    URL of a computer to which to send logs with File Transfer Protocol (FTP).

    Not configured by default.

    Enter fttp://[URL].

    Output Archive Path

    File path where CPInfo saves log files locally on the Windows endpoint computer.

    CPInfo saves log files in C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\cpinfo.

    Enter a file path.

    Detail Level

    How much detail the logs include.

    Extended is the recommended configuration and is configured by default.

    Select General or Basic (not recommended)

    MSInfo

    Includes Microsoft System Information in the logs.

    MSInfo is the recommended configuration. If the Extended detail level is selected, MSInfo is enabled by default.

    Select or un-select MSInfo.

Best Practice - After you gather the logs you need, disable log collection immediately. Some log files use a large amount of memory on your computer.

  1. In the GUI tool, open the LOG CONFIG tab.

  2. Click DISABLE.

Infrastructure and Machine Logs

Log

Description

Extended size for client-server communication log

Sets the size of cpda.* files to 50 MB (default = 20 MB).

Note - This setting survives reboot.

Manual Performance logs

Starts Windows Performance Recording (WPR) with recommended settings.
The log is saved to the %PROGRAMDATA%\checkpoint\logs\ directory.

Automatic High-CPU logs

Starts the EPHealth monitor tool. This tool starts WPR collection when it detects high CPU usage.

The log is saved to the %temp% directory.


Compliance

Log

Description

Ics log

Enables logs that are written by icslta.dll (used in Compliance to find out all AVs and in ESOD).

The log is saved to the C:\Windows\Temp directory.
Anti-Malware

Log

Description

SDK logs

Debug logs of the Software Development Kit (SDK) detection mechanism.
This is the same as epam_svc.exe --debug 2

Important - This setting requires reboot.

Updater logs

Debug logs of the updater mechanism.

This is the same as epam_svc.exe --debug 2

Important - This setting requires reboot.

Extended service logs

Debug logs of the anti-malware service.

This is the same as epam_svc.exe --debug 1
Media Encryption and Port Protection

Log

Description

Bus Driver log

Configure this log only if Check Point Support requests it.

Function Driver log

Configure this log only if Check Point Support requests it.

Filter Driver log

Describes communication between the Disknet client and the medlpflt driver.


Firewall and Application Control

Log

Description

TvDebug

Configures tvDebug log file with maximum output.

Output is saved to C:\Windows\Internet Logs

Important - This setting requires reboot.

TvDump

Use this if there is a crash but there are no corresponding dumps in C:\Windows\Internet Logs

Vsdatant ETL Logs

Configures the main log of the Firewall Driver. This helps with investigations of why traffic is blocked or allowed, or why some connections are interrupted.

Vsmon Logs

Provides more details about vsmon.exe