TraceLog


David

I'm trying to use TraceView after executing Tracelog.
Is this the right forum, or if not, could someone point me to the correct one?

Thanks
David
 
chas2209
Thanks, already familiar with MSDN explanation.

This is where my confusion lies:

Problem:

Windows Firewall Exceptions is toggling on "File and Print Sharing" sometime
during the boot process. My desired default is "Off".
I want to locate where/how this is occurring.

Tried to date:

1) Started tracelog from the command prompt, rebooted, and obtained a log
file. Toggled off tracelog. MSDN indicates you need TraceView in order to
read the tracelog log file. Opened traceview and loaded log file but log input
appears to be junk.

2) Executed traceview. Per MSDN selected System.tmf file and also checked
Kernel FileIO and Registry per MSDN. Got what appears to be a good log
file but not sure what you do with it because it appears to only give object
references (e.g. 0x..........). Also can't imagine Traceview generated
this log during boot since the system was not rebooted. Whether traceview
can log during boot is still unknown.

So,

1) Will traceview allow me to generate a log during boot?
2) If I get a good file, how do I associate -- find -- the object
reference(s) (e.g. 0x..........) that relate to "File and Print Sharing"?

Any ideas?

David
 
Do you check it right before and right after a reboot?

Or do you clear it, reboot, do some other stuff (like browsing) and
then find it changed?

What are your anti virus/malware arrangements?

Anything like that load at startup that could be disabled to test and
then say "if I reboot with this turned off, things are okay"?
 
Jose: Regarding your questions

Have them disabled during testing other than Windows Firewall.

Nothing in registry under Start Run. Have executed "SysInternals" startup
program. Identifies quite a few programs (dlls, registry). Hence the idea
to use tracelog to identify "File and Print Sharing" issue.