Creating and Gathering Logs
If you encounter a problem with a Norton product, occasionally our teams need to gather detailed information about the issue. These come in a few forms, most commonly as logs. Most of the time, your system won't create the logs unless you get the problem to occur again with a logging tool enabled. Below are steps to set up the tool and to generate those logs. Also note that you can type anything into the "case number" field; it doesn't matter what you enter.
1) Visit the below site:
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080507162141EN
2) Make one change to the steps listed:
Step 2.6: Check all the advanced options
3) In the end, no files will be sent to Symantec. The file to upload will be located here:
On Windows XP:
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs
On Windows Vista:
C:\programdata\Symantec\ErrorLogs
4) Rename these files to your username, and upload the logs to the location provided by the Symantec Employee.
Creating and Gathering Complete Memory Dumps
We all dread the Blue Screen error, commonly referred to as Blue Screen of Death (BSOD). By default, Windows is only configured to create a small memory dump -- the minidump -- when a BSOD occurs. However, the minidump does not provide us with enough information to figure out the problem. For this reason, we ask that you first manually configure your computer to write a full memory dump in case the system failure occurs again. This way, we can capture all the critical data. By default, the full memory dump will be located in your Windows folder, and will be called "MEMORY.DMP".
NOTE: You need to be logged in as Administrator to be able to create a Complete Memory Dump.
Windows XP:
1) Go to the System portion of the Control Panel (Shortcut: Windows Key + Pause/Break), then Click on the Advanced tab.
2) Under Startup and Recovery click Settings.
3) Click the drop-down menu under Write debugging information and select Complete memory dump.
Windows Vista:
1) Go to the System portion of the Control Panel (Shortcut: Windows Key + Pause/Break), click Advanced system settings, and click on the Advanced tab.
2) Under "Startup and Recovery" click Settings.
3) Click the drop-down menu under Write debugging information and select Complete memory dump.
4) Perform the action that causes the BSOD.
5) Find and compress the dump file, rename it to your username, and upload it to the location provided by the Symantec Employee.
Creating and Gathering User Mode Dumps
There may also be program crashes or hangs that do not cause a Blue Screen Error. In Symantec products, you'll typically see a spike in CPU use of the process "ccsvchst.exe" and a Symantec Service Framework error. For these types of issues, we will need to gather a User Mode Dump of the process. Creating User Mode Dumps of running processes is very easy for Windows Vista, but it is a little more complicated in Windows XP. Below are instructions for creating User Mode Dumps for both operating systems. The dump creation process may take a long time, so please be patient.
Windows Vista:
1) Launch Task Manager. (CTRL+SHIFT+ESC)
2) Select the Processes tab.
3) Click Show processes from all users. (if not running as Administrator or not the only user account on the system)
4) Right-Click all ccsvchst.exe processes, and select Create Dump File.
5) Perform the action that causes the crash.
6) Compress and upload the dump to the location provided by the Symantec Employee.
Windows XP:
1) Install Debugging Tools for Windows:
a) Visit http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx, then download and install the most recent program, doing a COMPLETE install.
b) Locate ntsd.exe. (probably in "C:\Program Files\Debugging Tools for Windows")
c) Launch command prompt.
d) Switch to directory containing ntsd.exe in command prompt.
e) Leave the command prompt open for the duration; you will be entering a command in this window to obtain the dump.
2) Shut off SymProtect Tamper Protection before the problem happens. This can be done in Settings > Administrative Settings. You should only shut off SymProtect temporarily. Perform the action that causes the crash. When the dump is collected, be sure to TURN IT BACK ON.
3) Locate ccSvcHst.exe using too much CPU time:
a) Launch Task Manager. (CTRL+SHIFT+ESC)
b) Select the Processes tab.
c) Click show processes from all users. Check the box for PID and click OK.
d) Wait for or re-create hung process.
e) Write down PID of ccSvcHst using too much CPU.
4) Create dump of ccsvchst from the command prompt (it will take a long time to create the dump). Type all of the below, replacing [PID] with the PID number you wrote down:
ntsd.exe -p [PID] -c ".dump /mfh c:\ccSvcHst.dmp; .detach; q"
5) IMPORTANT: turn back on SymProtect Tamper Protection when the dump is finished being created.
6) Compress and upload the dump to the location provided by the Symantec Employee.
Creating and Gathering SEAST Logs for Norton Ghost
The log gathering tools for Norton Ghost are a bit different -- they are included with the software. Also note that you can type anything into the case number field; it doesn't matter what you enter:
1) In [Installed Drive Letter]:\Program Files\Norton Ghost\Utility, launch seast.exe.
2) Choose Gather Technical Support Information and wait for the confirmation screen.
3) Navigate to [Installed Drive Letter]:\Documents and Settings\All Users\Application Data\Symantec\Norton Ghost. Several files should have been generated in the "Support" folder. (for Vista, [Installed Drive Letter]:\ProgramData\Symantec\Norton Ghost\Support)
4) Zip the contents of the Support folder, name it with your USERNAME, and upload it to the location provided by the Symantec Employee.
Tony Weiss
Norton Forums Community Manager
Symantec Corporation
Not from Tony Weiss for this issue...copied from my archives....
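The "Write debugging information" setting from the complete memory dump steps above is stored in the registry, so it can be confirmed before reproducing the BSOD. The following is an added example, not part of the original post or Symantec's tooling; it assumes Windows PowerShell (for `Get-WmiObject`) and the function name `Get-CrashDumpConfig` is made up for illustration.

```powershell
# Added example (not Symantec's tooling): report the crash dump configuration.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Meaning of the CrashDumpEnabled registry value.
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump (newer Windows versions)'
}

function Get-CrashDumpConfig {
    $cc   = Get-ItemProperty -Path $key -ErrorAction Stop
    $type = [int]$cc.CrashDumpEnabled
    $name = if ($dumpTypes.ContainsKey($type)) { $dumpTypes[$type] } else { "Unknown ($type)" }
    # DumpFile normally reads %SystemRoot%\MEMORY.DMP; expand it to a real path.
    $path = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)

    # A complete dump is roughly the size of installed RAM, so compare it
    # with the free space on the drive that will receive the file.
    $ramBytes = [int64](Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory
    $drive    = Split-Path -Path $path -Qualifier          # e.g. "C:"
    $disk     = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'"

    New-Object PSObject -Property @{
        DumpType       = $name
        IsCompleteDump = ($type -eq 1)
        DumpFile       = $path
        DumpFileExists = (Test-Path -LiteralPath $path)
        RamGB          = [math]::Round($ramBytes / 1GB, 1)
        FreeSpaceGB    = [math]::Round($disk.FreeSpace / 1GB, 1)
        EnoughSpace    = ($disk.FreeSpace -gt $ramBytes)
    }
}

$config = Get-CrashDumpConfig
$config | Format-List DumpType, IsCompleteDump, DumpFile, DumpFileExists, RamGB, FreeSpaceGB, EnoughSpace
if (-not $config.IsCompleteDump) {
    Write-Warning 'Windows is not set to write a complete memory dump.'
}
```

A complete dump holds the full contents of RAM at the time of the crash, so the free-space figure is only a rough guide and the resulting file should be handled as sensitive data when it is compressed and uploaded.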