Recommended Posts

Win 10 1903.... EAM 9412

First thing I do each morning after boot is look at Forensics. This morning the 27th was not at the top of the list and I couldn't get them there.

I had no problem with the log showing correctly yesterday.

Thought I would send you the debug logs but I couldn't highlight each one (service, guard, start) and send to zip. The context menu just disappeared.

I was able to highlight and send the logs folder itself though.

There looks to be some 'access denied' lines in the service log.

After quite a few clicks the 27th is now at the top as it should be.

 

 

Logs.zip

Share this post


Link to post
Share on other sites

I have discovered that if I want to highlight and send on one the debug logs (for example a2service.log) I can only do it the following day.

The logs for yesterday I can now highlight and send to zip. However the ones for today I cannot.

Is EAM preventing this while they are in use?

Share this post


Link to post
Share on other sites

I would expect the debug logs to be permanently open to EAM as it is writing to them.  Whenever I want to delete old ones, or send any to Emsisoft, I disable and immediately re-enable the debug logs.  The disabling closes the in-use files, and re-enabling creates new ones and starts writing to them.  (I have been doing this close & re-open process every three to four days for months now, to delete the older log files.)

Share this post


Link to post
Share on other sites

I have always been able to send debug logs via right-click send to zip even on the day of the logs.

As for deleting old ones I can do that any time without turning anything off.

Share this post


Link to post
Share on other sites

I'd expect "send to zip" to be able to send only the data in the disk file, not anything still pending a flush to disk.  I wonder how often the flush occurs?

Here [Win 8.1], deleting old ones isn't an issue except that they have to be old (ie not the current file) before that works.   If I try to delete an in-use log Windows tells me it's in use by EAM.  I have debug logging on all the time and while some of the debug logs seem to close & start anew every few days (maybe each time there's a restart of part of EAM?) others span many days' use.  The only way I can get rid of them is to close them first.

Share this post


Link to post
Share on other sites

On another 1903 Pro machine which I have just updated to beta 9469, I am able to right-click on any of the in use debug logs and select send to zip.

In other words the context menu works for in use debug log files on that machine.

I can only assume that the context menu of the EAM debug logs has become corrupt in some way on the other machine. I have purged all logs from the GUI and also by turned debug logging off and on but it makes no difference. That is the only area of that machine where the context menu is affected.

I may just have to do a reinstall of EAM without any further ideas.

Share this post


Link to post
Share on other sites

As there has been no comment from devs on how this context menu corruption of EAM debug logs may have occurred, I guess I'll just forget it for now.

Share this post


Link to post
Share on other sites

I guess my logs about it weren't of any interest either :(

Share this post


Link to post
Share on other sites

If I right-click an in-use debug log here, I can certainly choose 'send to zip' and that does work, in the sense that I end up with a zipped file.  But - unless something in Windows asks the owning application to flush the file to disk, it might not be complete.  It depends also on how often EAM does that flush.    If I try the 7-zip equivalent command, 7zip says it cannot do it because the file is open.

When you say "... the context menu of the EAM debug logs has become corrupt..."  here I just see a normal 'File Explorer' context menu.  Nothing special.

When you say   "I have purged all logs from the GUI"   do you mean the EAM GUI or File Explorer?   I wasn't aware that you could 'purge' debug logs from anywhere inside EAM.

Share this post


Link to post
Share on other sites

Jeremy I have send debug logs to the devs the same way for years.. and they are complete up to the time that I do it.

As regards the context menu corruption , when I highlight the 3 logs and right-click the context menu appears and immediately disappears.

I purged all logs via the gui (Settings.. Advanced.. Factory defaults.. Revert.. clear all logs and reset counters.)

I also turned off debug logginging and deleted all logs inside ProgramData Emsi folder.

After turning debug logging back on the same issue occurs with the in use debug logs.

The a2service logs contain an access denied error which may have some relevance.

It is a form of corruption of EAM debug logging just on this machine, so I doubt it will have a high priority.

 

Share this post


Link to post
Share on other sites
10 minutes ago, JeremyNicoll said:

> I purged all logs via the gui

But that's surely forensic logs only?

 

 

  I wanted to start with a clean slate so I got rid of everything (by the way the reset counters also gets rid of the 'malware objects detected'' number on the main gui)

Share this post


Link to post
Share on other sites
8 hours ago, JeremyNicoll said:

> I wnted to start...

Sure, but not the debug logs.

?

I got rid of all logs including debug logs to see if it still happened when debug logging was restarted... it did.

All debug logs I deleted from ProgramData.

Share this post


Link to post
Share on other sites

OK, got you.  It'd have been clearer if you'd said "all forensic logs" though, when talking about stuff deleted from the EAM GUI.  I wondered if you'd found a facility I didn't know about. 

It's also just occurred to me that you (still?) turn off your machine every day?  That would mean you'd have new sets of debug logs every day.  I leave my machine on for days at a time, which means there's no such thing as an older debug log a lot of the time.

Share this post


Link to post
Share on other sites

stapp,

EAM keeps the logfiles open as long as you keep debuglogging enabled.  You can copy them to another folder to zip them, or disable debuglogging in EAM, which will release the files. you cannot zip them while they are 'open' for writing.

older debuglogs are released and can be zipped any time.

this has been like this for years, nothing changed.

Quote

I can only assume that the context menu of the EAM debug logs has become corrupt in some way on the other machine

if there is an issue with the explorer context menu, its a windows thing and has nothing todo with EAM.

 

 

 

Share this post


Link to post
Share on other sites
7 hours ago, Frank H said:

stapp,

   You can copy them to another folder to zip them, 

 

 I do not understand why you are telling me this. 

I have been right-clicking and selecting..send to compressed zip.. on in use debug files for years now.

There is no need to copy them to another folder. The action of sending them to compressed zip from the context menu copies them.

Share this post


Link to post
Share on other sites

> I have been right-clicking and selecting..send to compressed zip.. on in use debug files for years now.

But that has only ever given you (strictly) an incomplete copy of such a log.  You've never noticed because the data as yet unwritten to the log has presumably never been for a period of time that mattered to you.   In computing in general it's better to get the application that's creating the log to close it, so all data not yet written to disk is written out, and then you can copy it or copy and zip or whatever.

Share this post


Link to post
Share on other sites

In all the years I have been sending debug logs I have always captured the event before zipping and sending the logs.

I don't need anymore instructions on how to do it.

I am finished with this thread now.

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.