locked
What is wfpdiag.etl

    Question

  • Hello,


    Using Windows Server 2008 R2 and TSM client 6.2 backup tool, I always have an error on file

    C:\Windows\System32\wfp\wfpdiag.etl


    My question is quite simple: What is wfpdiag.etl used for? Can we exclude it from backup? Or is it really needed?


    Thanks in advance for the answer.
    Yannick
    Thursday, June 10, 2010 1:50 PM

Answers

  • Hello,

    "This is a trace file created by Windows to collect diagnostics information around ipsec and firewall activity. Such info could be later read by a troubleshooting tool to help diagnose connectivity failures. I would not expect it to be active unless you are receiving (or maybe sending) traffic which is being blocked by your security software."

    From David Beder [MSFT]: http://www.vistax64.com/vista-security/68952-wfpdiag-etl-what.html

    The file exists in each Windows version since Windows Vista.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    • Marked as answer by Bruce-Liu Monday, June 14, 2010 5:22 AM
    Thursday, June 10, 2010 5:29 PM
  • Thank you, gentlemen!

    I exclude this file from the backup job using the following syntax in the dsm.opt file:

    EXCLUDE.BACKUP "*:\Windows\System32\wfp\wfpdiag.etl"

     

    Yannick

    • Proposed as answer by Meinolf WeberMVP Friday, June 11, 2010 9:15 AM
    • Marked as answer by Bruce-Liu Monday, June 14, 2010 5:22 AM
    Friday, June 11, 2010 8:15 AM

All replies

  • This is a Windows “trace” file. Are you using IPSEC? How big is this file? If you are not doing trace or diagnostic every day, you can exclude this file.


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, June 10, 2010 6:35 PM
  • On July 1st we will be making this forum read only. After receiving a lot of feedback from the community, it was decided that this forum is a duplication and therefore redundant of the General Forum. So, until July 1st, we will start asking customers to redirect their questions to the General Forum. On June 11th, CSS engineers will move any new threads to the General Forum.

     

    Please post a reply to the announcement thread if you have any feedback on this decision or the process. You can also email WSSDComm@microsoft.com.

    Friday, June 11, 2010 7:40 AM
  • Thanks for the update and glad it got fixed. 
    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, June 14, 2010 1:46 PM