Windows® Performance Toolkit (Xperf) is a command-line monitoring tool that produces in-depth performance profiles of Windows operating systems and applications. These logs help the Support team investigate performance issues with Endpoint Detection and Response on Windows devices.
Create an Xperf log
Complete these steps on the affected endpoint when requested by Support.
- Install the Software Development Kit from Microsoft's support site.
Note: During installation, select Windows Performance Toolkit, as this includes Windows Performance Recorder, Windows Performance Analyzer, and Xperf.
- Download the collect_perf_diagnostics.zip file attached at the bottom of the article and extract it.
- Open the Windows command line (CMD) with administrative privileges.
- Use the following commands to run the collect_perf_diagnostics.bat script. You may need to modify the location if the download path is different.
cd %userprofile%\Downloads\collect_perf_diagnostics
collect_perf_diagnostics.bat
- Reproduce the issue. Note the time when the issue occurs while capturing the event. Do not close the CMD window.
- To stop logging and save the log file on the desktop, run the following command:
stop
- The script will save a compressed log file named collect_perf_diagnostics-<timestamp>.etl in the directory where it was executed.
- Upload the collect_perf_diagnostics-<timestamp>.etl file using the file upload link provided by your Support agent, then respond to your support ticket email.