Logs, User Mode Dumps, and Complete Memory Dumps

Creating and Gathering SymHelp Logs

Download the SymHelp tool from www.norton.com/symhelp and save it on your desktop. Right-click the downloaded NortonSymHelp.exe file and select the "Run as Administrator" option.

  1. On the Welcome to Symantec window, select the language and click I accept the EULA.
  2. On the main screen, click Tools > Collect data for a support case.
  3. In the Select Products tab, select the product for which you want to collect data.
  4. In the Select Data Type tab, under Data Type, select Limited data for Support.
  5. Under Debug Logging, select the installed product (Norton Product Logs) and click Next.
  6. In the Reproduce Your Issue tab, minimize the Log tool window and reproduce the issue to capture logs. [Note: Please make sure the traffic rules are already set as given in the forum post.] Please try accessing the Facebook page a couple of times from the different browsers that have the issue, so that the tool captures the required logs.
  7. In the confirmation dialog box, click Yes.
  8. The SymHelp tool starts collecting the logs.
  9. In the Save tab, type your Norton_Forum_username (customer information), and click Save.
  10. Please make a note of the log file location from the dialogue as soon as you click Save.

Compress the log file, then upload it to the forum thread linked in the previous message.


Creating and Gathering Complete Memory Dumps

 

We all dread the Blue Screen error, commonly referred to as Blue Screen of Death (BSOD). By default, Windows is only configured to create a small memory dump -- the minidump -- when a BSOD occurs. However, the minidump does not provide us with enough information to figure out the problem. For this reason, we ask that you first manually configure your computer to write a full memory dump in case the system failure occurs again. This way, we can capture all the critical data. By default, the full memory dump will be located in your Windows folder, and will be called "MEMORY.DMP".

 

NOTE: You need to be logged in as Administrator to be able to create a Complete Memory Dump.


Windows Vista / 7 / 8 / 10:


1) Go to the System portion of the Control Panel (Shortcut: Windows Key + Pause/Break), click Advanced system settings, and click on the Advanced tab.

2) Under "Startup and Recovery" click Settings.

3) Click the drop-down menu under Write debugging information and select Complete memory dump.

4) Perform the action that causes the BSOD, or let the issue occur - it should happen on its own, and we don't want you to force your system toward data loss.

5) Find and compress the dump file, rename it to your username, and upload it to the location provided by the Symantec Employee.
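To confirm that the setting from steps 1 to 3 took effect and that a dump can actually be written, the following read-only PowerShell check can be run; it is an added example, not a Symantec tool or part of the original instructions. It assumes an elevated PowerShell 4.0 or later session and uses the standard CrashControl registry key and the Win32_ComputerSystem and Win32_PageFileUsage WMI classes. Because MEMORY.DMP holds the full contents of RAM at the time of the crash, it also records the file's SHA-256 hash so the uploaded copy can be matched to the local one.

```powershell
# Added example (not Norton/Symantec code). Run from an elevated prompt.
# Read-only: reports the crash-dump configuration and changes nothing.
$cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values documented by Microsoft for the CrashControl key.
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}
$mode     = [int]$cc.CrashDumpEnabled
$dumpFile = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)

# A complete dump is staged in the page file on the boot volume, so that page
# file must hold all physical RAM plus 1 MB, otherwise no dump is written.
# AllocatedBaseSize is the currently allocated size in MB.
$ramMB  = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pageMB = [int](Get-CimInstance Win32_PageFileUsage |
    Where-Object { $_.Name -like "$env:SystemDrive\*" } |
    Measure-Object -Property AllocatedBaseSize -Sum).Sum

[pscustomobject]@{
    DumpType            = $dumpTypes[$mode]
    CompleteDumpSet     = ($mode -eq 1)
    DumpFile            = $dumpFile
    PhysicalRamMB       = $ramMB
    BootPageFileMB      = $pageMB
    PageFileLargeEnough = ($pageMB -ge ($ramMB + 1))
} | Format-List

# After the crash: fingerprint the dump before compressing and uploading it,
# so the copy that support receives can be matched to the one written locally.
if ($dumpFile -and (Test-Path -LiteralPath $dumpFile)) {
    $file = Get-Item -LiteralPath $dumpFile
    [pscustomobject]@{
        Path    = $file.FullName
        SizeMB  = [math]::Round($file.Length / 1MB)
        Written = $file.LastWriteTime
        SHA256  = (Get-FileHash -LiteralPath $dumpFile -Algorithm SHA256).Hash
    } | Format-List
} else {
    "No dump file found at '$dumpFile' yet."
}
```

Once the dump has been collected, the same output shows whether "Write debugging information" has been set back to its previous value.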

Windows XP:


1) Go to the System portion of the Control Panel (Shortcut: Windows Key + Pause/Break), then click on the Advanced tab.

2) Under Startup and Recovery click Settings.

3) Click the drop-down menu under Write debugging information and select Complete memory dump.


 

Creating and Gathering User Mode Dumps

 

There may also be program crashes or hangs that do not cause a Blue Screen Error. In Symantec products, you'll typically see a spike in CPU use of the process "ns.exe" (could be ns.exe, nsbu.exe, nis.exe or nav.exe depending on your Norton product) and a Symantec Service Framework error. For these types of issues, we will need to gather a User Mode Dump of the process. Creating User Mode Dumps of running processes is very easy for Windows Vista / 7 / 8 / 10, but it is a little more complicated in Windows XP. Below are instructions for creating User Mode Dumps for both operating systems. The dump creation process may take a long time, so please be patient.

 

Windows Vista / 7 / 8 / 10:
1) Launch Task Manager. (CTRL+SHIFT+ESC)
2) Select the Processes tab or Details tab.
3) Click Show processes from all users. (if not running as Administrator or not the only user account on the system)
4) Right-click each of the Norton Security / ns.exe processes (could be ns.exe, nsbu.exe, nis.exe or nav.exe depending on your Norton product), and select Create Dump File.

5) Perform the action that causes the crash.

6) Compress and upload the dump to the location provided by the Symantec Employee.

 

Windows XP:


1) Install Debugging Tools for Windows:
    a) Download and install the most recent program from http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx, doing a COMPLETE install.
    b) Locate ntsd.exe. (probably in "C:\Program Files\Debugging Tools for Windows")
    c) Launch command prompt.
    d) Switch to directory containing ntsd.exe in command prompt.
    e) Leave the command prompt open for the duration; you will be entering a command in this window to obtain the dump.

2) Shut off SymProtect Tamper Protection before the problem happens. This can be done in Settings > Administrative Settings. You should only shut off SymProtect temporarily. Perform the action that causes the crash. When the dump is collected, be sure to TURN IT BACK ON.

 

3) Locate the ns.exe process (could be ns.exe, nsbu.exe, nis.exe or nav.exe depending on your Norton product) that is using too much CPU time:
    a) Launch Task Manager. (CTRL+SHIFT+ESC)
    b) Select the Processes tab.
    c) Click show processes from all users. Check the box for PID and click OK.
    d) Wait for or re-create hung process.
    e) Write down PID of ns.exe (Could be ns.exe, nsbu.exe, nis.exe or nav.exe depending on your Norton product) using too much CPU.

 

4) Create a dump of ccsvchst from the command prompt (it will take a long time to create the dump). Type all of the below, replacing [PID] with the PID number you wrote down:

        ntsd.exe -p [PID] -c ".dump /mfh c:\ccSvcHst.dmp; .detach; q"

5) IMPORTANT: turn SymProtect Tamper Protection back on when the dump has finished being created.

6) Compress and upload the dump to the location provided by the Symantec Employee.


Creating and Gathering SEAST Logs for Norton Ghost

 

The log gathering tools for Norton Ghost are a bit different -- they are included with the software. Also note that you can type anything into the case number field; it doesn't matter what you enter:


1) In [Installed Drive Letter]:\Program Files\Norton Ghost\Utility, launch seast.exe.
2) Choose Gather Technical Support Information and wait for the confirmation screen.
3) Navigate to [Installed Drive Letter]:\Documents and Settings\All Users\Application Data\Symantec\Norton Ghost. Several files should have been generated in the "Support" folder. (for Vista, [Installed Drive Letter]:\ProgramData\Symantec\Norton Ghost\Support)
4) Zip the contents of the Support folder, name it with your USERNAME, and upload it to the location provided by the Symantec Employee.


Creating logs for Mac

https://support.norton.com/sp/en/us/home/current/solutions/kb20100506105458EN_EndUserProfile_en_us

Follow the instructions on the above KB article to gather logs for your Norton product for Mac.