We are using McAfee Client Proxy v22.214.171.1248. I have noticed in c:\programdata\McAfee\MCP\Logs a number of files named "McpContinuousEtlTraces.etl", along with a "ContinuousTraceRun.log" file. The etl files range from a few hundred kilobytes to 150 megabytes in size.
These items appeared about a month ago, but I can't tie them to a particular install or policy change.
I see no information about the files in the MCP documentation or the KB. I have not run any connection traces in the MWG interface for my machine that correspond with the etl file dates.
The log file shows activity like this. After each trace action the log files are rolled, saving the last 10.
[21-5-2017] 1:3:14:708 [Function]: stopPreviousRunningTrace started
[21-5-2017] 1:3:14:708 ControlTrace(stop) returned with status = 0x1069
[21-5-2017] 1:3:14:708 The Trace was not Already Running status = ERROR_WMI_INSTANCE_NOT_FOUND
[21-5-2017] 1:3:14:708 [Function]: startMcpETWTrace ended
[23-5-2017] 14:12:21:328 [Function]: StopMcpETWTrace started
[23-5-2017] 14:12:21:328 FlushTrace succeeded
[23-5-2017] 14:12:21:328 Stopped Continuous MCP Service Tracing
[23-5-2017] 14:12:21:328 [Function]: StopMcpETWTrace ended
[23-5-2017] 14:13:9:10 [Function]: startMcpETWTrace started
[23-5-2017] 14:13:9:10 startMcpETWTrace(): ContinuousTrace Starting in PID = 2672, TID = 2676
What is causing MCP to create these files, and what are they used for?
Note sure why a search didn't find it before, but apparently this is a known issue for MCP in Windows 10RS2. I have submitted a new case noting it appears on Windows 7 Professional systems as well.
McAfee Client Proxy 2.x Known Issues (KB83131)