1 Reply Latest reply on May 25, 2017 1:31 PM by pejacoby

    McpContinuousEtlTraces.etl - how to disable?

    pejacoby

      We are using McAfee Client Proxy v2.3.1.278.  I have noticed in c:\programdata\McAfee\MCP\Logs a number of files named "McpContinuousEtlTraces.etl", along with a "ContinuousTraceRun.log" file.  The etl files range from a few hundred kilobytes to 150 megabytes in size.

       

      These items appeared about a month ago, but I can't tie them to a particular install or policy change.

      I see no information about the files in the MCP documentation or the KB.  I have not run any connection traces in the MWG interface for my machine that correspond with the etl file dates.

       

      The log file shows activity like this.  After each trace action the log files are rolled, saving the last 10.

       

      [21-5-2017] 1:3:14:708 [Function]: stopPreviousRunningTrace started

      [21-5-2017] 1:3:14:708 ControlTrace(stop) returned with status = 0x1069

      [21-5-2017] 1:3:14:708 The Trace was not Already Running status = ERROR_WMI_INSTANCE_NOT_FOUND

      [21-5-2017] 1:3:14:708 [Function]: startMcpETWTrace ended

      [23-5-2017] 14:12:21:328 [Function]: StopMcpETWTrace started

      [23-5-2017] 14:12:21:328 FlushTrace succeeded

      [23-5-2017] 14:12:21:328 Stopped Continuous MCP Service Tracing

      [23-5-2017] 14:12:21:328 [Function]: StopMcpETWTrace ended

      [23-5-2017] 14:13:9:10 [Function]: startMcpETWTrace started

      [23-5-2017] 14:13:9:10 startMcpETWTrace(): ContinuousTrace Starting in PID = 2672, TID = 2676

       

      What is causing MCP to create these files, and what are they used for?