Growing ETL files, including EagleEye1, in AMSP\Debug, can't stop large files! - TM Internet Security

  • 2
  • Problem
  • Updated 2 years ago
  • Acknowledged
Like others I've read about, I can't stop the large growing files in the AMSP\debug folder!    I've make the recommended changes to the .INI files and confirmed after rebooting that they are set to 0, but the log files are still growing.

Some have particularly concerning names -- like <datetime>_EE_EagleEye1.etl
  • Q1: What are these EagleEye files?  Is it possible I have a hidden virus that TM didn't detect?
  • Q2: Why are files still be created if debugging/logging is turned off?

I've also tried running a Rescue Disk boot but it would not get through the initialization procedure to the point of actually scanning anything :(

Help?!

OS: Windows XP
TM Internet Security version: 10.0.1294 - USPA002006.3803
Photo of trendmicro

trendmicro

  • 110 Points 100 badge 2x thumb

Posted 2 years ago

  • 2
Photo of TM_Jabi

TM_Jabi

  • 7,242 Points 5k badge 2x thumb
Hello @trendmicro and welcome to this new community! 

Thanksforinforming this issue! 
Please see the answers to your questions below:
  • Q1: EagleEye is one of the feature of the Trend Micro program that monitors the behavior of any application using or connected to the Internet.
  • Q2: The log files on your computer is being generated by Microsoft itself, not our program. That's why the solutions and workarounds that you had tried did not work. 
We are also looking in to the possibility that this performance issue is related your operating system. Since you are still using Windows XP, your computer becomes more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter more apps and devices that do not work with Windows XP. 

You can read their official statement about this. 
Windows XP support has ended

Here's our official statement as well. 
Trend Micro's official statement for Windows XP's Consumer End of Support (EOS)

If you continue using Windows XP, it may cause more issues in the future.

Please feel free to contact us in the community any time when you need help for TrendMicro products in the future. 
Thank you! 
    Trend Micro Home Users Community
    (Edited)
    Photo of trendmicro

    trendmicro

    • 110 Points 100 badge 2x thumb
    Hello Jabi!

    Thank you for the reply.

    I am aware that support for XP has been discontinued by Microsoft; like over 20% of people still using XP however, two of my computers are sufficiently old that they can't run the newer MS Operating Systems, and they serve a useful purpose for us.  I do understand the risks with running an OS no longer being maintained.

    That all said, I feel you did not really answer my question about these growing and mysterious log files.

    Your response to Q1: EagleEye -- great .. one of your features, got it.  That implies TM is generating these files

    Your response to Q2: I find it highly unlikely Microsoft is randomly generating files, with the name of one of the TM features, inside of the TM directory tree.    

    I need someone to explain
    1. what these files are,
    2. what is generating them and why,
    3. how to keep them from growing or disable their use

    I'm concerned this is malware generating these files, and TM should have an interest in making sure this is resolved.

    Thanks for your help.
    --Rob
    Photo of TM_Shella

    TM_Shella, Employee

    • 2,070 Points 2k badge 2x thumb
    Hi @trendmicro,

    As previously stated, ETL files are debug logs created by Microsoft. Continuous collection of logs only means that Trend Micro is detecting a malicious activity on your computer, thus Eagle Eye was stated on the list and is saved on the AMSP folder. 

    You may refer to the link below on how to download and install the Hijackthis tool to check for malware.

    Generating Trend Micro HijackThis logs for malware analysis

    After that, make sure to run the Anti Threat Toolkit from the link below. Just choose Clean Infected Computers.

    Using the Trend Micro Anti-Threat Toolkit to analyze malware issues and clean infections - For Home and Home Office users

    Aside from the Hijackthis and Anti-threat Toolkit, you may also manually uninstall Potentially Unwanted Applications on your computer.

    Uninstalling Potentially Unwanted Applications (PUA)

    Please note that setting the .INI file to 0 will only reset the settings to default. It does not actually stop the collection of logs but will only get those that are important like in your case. 

    Again, since you are still using Windows XP, you will encounter this kinds of issue as your device no longer receives updates. 

    Do let us know the results of the steps above. Should you have more questions, contact out Trend Micro Community any time.

    Have a great day!
    Photo of trendmicro

    trendmicro

    • 110 Points 100 badge 2x thumb
    I have a major problem now.

    I followed your advice above.

    1. Using the help of HijackThis I removed a few items.
    2. Before running HijackThis I uninstalled TrendMicro Internet Security (which was installed on that XP machine)
    3. I ran the Anti-Threat toolkit, and it said my computer was clean (nothing found)

    The BIG problem I now have -- Trend Micro installer won't let me re-install the TrendMicro software now (I purchased a 5-user license for TM Maximum Security), saying that it wouldn't install because I'm still running XP on that box.

    Because it's an older computer and I can't upgrade the RAM or processor, upgrading the O/S is not a viable option for me. (doing so also would cause other older software I rely on to break).

    Does TrendMicro have a solution I can run on that XP box, with current/updating virus signatures?  Is there a way I can get Max. Security to run on that box?  Although I realize XP is older, surely, you would not advise that I leave it unprotected without an anti-virus tool on it, right?  

    HELP?!!

    --Rob
    Photo of TM_Jandy

    TM_Jandy

    • 504 Points 500 badge 2x thumb
    Hi @trendmicro.

    The latest version of the Trend Micro Security no longer supports Windows XP computer, This is because Microsoft no longer fixes issues on Windows XP, and it has become increasingly difficult for Trend Micro to keep users safe on this operating system. We encourage all of our users to upgrade their PCs to a more modern operating system which will provide greater stability and security.

    But we also have the 2016 version of the Trend Micro Security program that you can use on your computer to protect it. Please download the program installer by clicking on this link.

    Best Regards,

    Trend Micro Home Users Community
    Photo of trendmicro

    trendmicro

    • 110 Points 100 badge 2x thumb
    Thank you for that response.  

    I explained the situation with that computer stopping me from upgrading.

    Given this scenario, are you saying you'd recommend using the 2016 version of TM instead of a different program which actively still supports Windows XP?

    Two questions:
    (1) will TM 2016 still receive signature and/or any other updates as new threats are discovered?

    (2) will my 5-license 2017 Maximum Security license work, that has already been paid for, with that version?

    Thank you,
    --Rob
    Photo of TM_Jandy

    TM_Jandy

    • 504 Points 500 badge 2x thumb
    Hi @trendmicro.

    Thank you for your response.

    What we recommend is to upgrade the computer's operating system, but since it cannot be upgraded then the alternative solution is to use a lower version (2016) which is compatible with the computer's operating system. Though it is a lower version, it will still receive updates and you can use your new license to activate it.

    Should you have further questions, please do not hesitate to reply to this thread.

    Best regards,

    Trend Micro Home Users Community

    This conversation is no longer open for comments or replies.