DPDTrace command line logging tool used for patch detection issues

Version 74
    There is a GUI version of this tool located here DPDTrace GUI Tool: Used to troubleshoot patch detection issues  If you have any issues running the command line version of the DPDTrace or prefer to use a GUI for the tool. Please use this version of the DPDTrace.



    This document outlines how to run a DPDTrace. This will be necessary when troubleshooting detection issues.




    DPD (Dynamic Product Detection) is the method the Shavlik Protect scan engine uses to determine what supported products are installed on the machine. This tool was created to troubleshoot patch scan issues where we need to know what is going on during the DPD process.


    .Net Framework v4.0.30319 or newer needs to be installed for this to work


    1. Download DPDTrace.zip (See attachment at bottom of this page) and extract the file into a folder on the root of C:\
    2. Read Disclaimer.txt.
    3. Open an Administrator CMD prompt and change directory to C:\DPDTrace


    cd directory.png


    1. Enter the following command, replacing {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} and {PATCHTYPE} with corresponding values. ({MACHINE_NAME} has to be the Target machine that is having the detection problem





    • Failure to supply any one of these values ({MACHINE_NAME}  {ADMIN_USER_NAME} and {PASSWORD}) will cause the test to fail.
    • {ADMIN_USER_NAME} needs to be in the format domain\username
    • {PATCHTYPE} has the following possible values:
      • 1  - Security patches
      • 4  - Security tools
      • 8  - Non-Security patches
      • 9  - Security and non-security patches
      • 13 - Security, non-security and tools. (recommended)

    Unless explicitly asked to use a different variable here, use 13 to include all patch types.


    Example of the command:



      If you are in an offline\proxied environment, you must download the HF7b.xml and WindowsPatchData.zip file directly and place it in the extracted DPDTrace \DataFiles folder.


    • If you need to scan with a older scan engine, you may do so by adding the VERSION number to the end.
    • If no version is specified, it will use BOTH 9.2.5119 and 9.1.1037 scan engine. (recommended for most customers)
    • If no version is specified and the machine is offline (or the HF7b.xml and WindowsPatchData.zip files are in the DataFiles folder), then the engine will use BOTH 9.2.5119 and 9.1.1037 scan engine. Please be sure to delete WindowsPatchData.zip folder if the Protect console is only running 9.1.1037 scan engine.
    • Possible values:
      • 8.0.87
      • 9.0.651
      • 9.1.1037
      • 9.2.5119




         5.      When the command line is initiated, a window titled 'Rename HF.1 Log' will appear with an OK button. Do not close this window as the scan continues.


    rename prompt.png


         6.    When the scan has completed the command prompt window will say 'Test Complete. 

      • Please zip the HFCLI folder (include sub-folders) and send it back to us'.

    dpd pic.png


         7.  Include the following registry exports from the target machine.  This will not only save time, it will also greatly increase our chances of determining the root cause of the detection issue and correcting it.


    • HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432\Microsoft\Windows\CurrentVersion\Uninstall
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages
    • HKLM\SOFTWARE\Classes\Installer\Patches


    This document has a batch file that retrieves the needed registry keys: Batch File for Obtaining Registry  Exports for Detection Related Issues


    Please zip all files into one archive file before emailing or attaching to the case.


    Affected Product(s)


    All version of Protect and SDKs using the HFCLI.exe scan engine.