Real-Time Windows Diagnostics Powered by AI

ET Ducky monitors Event Tracing for Windows (ETW) in real time and uses Claude AI to diagnose issues, explain system behavior, and suggest fixes instantly. Sign in once, and seamlessly access cloud AI across desktop and web.

Free tier available • No credit card required

Why ET Ducky?

Real-Time Monitoring

Watch Windows ETW events as they happen with millisecond precision

AI-Powered Analysis

Claude AI explains what's happening and suggests solutions instantly

Smart Filtering

Focus on what matters with intelligent event filtering and search

Developer Friendly

Perfect for debugging, troubleshooting, and understanding system behavior

Features

Advanced ETW Monitoring

  • Monitor any ETW provider in real-time
  • Custom filtering and search capabilities
  • Export events for further analysis
  • Session management and configuration

AI-Powered Insights

  • Ask questions about events in natural language
  • Get root cause analysis automatically
  • Receive actionable recommendations
  • Context-aware explanations

Flexible Configuration

  • Use our cloud AI or bring your own API key
  • Tiered plans for different usage needs
  • No lock-in - switch plans anytime
  • Secure authentication with Clerk

Documentation

Complete guide to using ET Ducky effectively

Getting Started

What is ET Ducky?

ET Ducky is a Windows system troubleshooting assistant that uses Event Tracing for Windows (ETW) to capture real-time system activity and AI-powered analysis to diagnose problems. Think of it as having an expert Windows administrator watching your system 24/7.

Initial Setup

  1. Launch ET Ducky - The app runs with administrator privileges to access ETW
  2. Sign In (Optional but recommended)
    • Click "Account" in the navigation
    • Sign in with your email for cloud AI features
    • Or configure BYOK (Bring Your Own Key) in Settings
  3. Start Monitoring - Click "Start Monitoring" on the Dashboard

What Gets Monitored?

Provider | What It Captures | Events/Sec | Use Cases
File System | File reads, writes, creates, deletes | ~1250 | App installation issues, file access problems
Registry | Registry key reads, writes, queries | ~1500 | Configuration issues, software conflicts
Process | Process starts, exits, thread creation | ~50 | App crashes, startup problems
Network | TCP connections, disconnects, traffic | ~300 | Connectivity issues, network errors

Understanding the Dashboard

Top Row: Monitoring Control + Stats

Left Side - Monitoring Control

  • Start/Stop Monitoring - Controls ETW event capture
  • Status Indicator - Green = running, Gray = stopped
  • Event Categories - Quick view of enabled providers

Right Side - Statistics (3 cards)

  • Total Events - How many events captured since monitoring started
  • Events/Second - Current capture rate (updates live)
  • Uptime - How long monitoring has been running

Bottom Row: AI Troubleshooting Assistant

This is where the magic happens! The AI Assistant helps you diagnose issues using natural language questions. See the AI Assistant section for detailed information.

AI Troubleshooting Assistant

Three Ways to Use AI

1. Cloud AI (Subscription)

  • Sign in with your account
  • Uses ET Ducky's hosted AI with correlation engine
  • Includes intelligent event filtering and root cause analysis
  • Best for: General users, professional troubleshooting

2. BYOK (Bring Your Own Key)

  • Configure your own API key in Settings
  • Supports: Claude (Anthropic), ChatGPT (OpenAI), Copilot (Azure OpenAI)
  • Uses your own AI quota
  • Best for: Privacy-conscious users, high-volume usage

3. Hybrid

  • Both subscription AND BYOK configured
  • Cloud AI for troubleshooting questions
  • BYOK for general analysis questions

Question Types

Troubleshooting Questions (Use Cloud AI)

Examples:

  • "My Discord shortcut isn't working"
  • "Excel crashes when opening large files"
  • "Why won't Chrome launch?"

General Analysis Questions (Use Cloud AI or BYOK)

Examples:

  • "What processes are bottlenecking my system?"
  • "What processes are running?"
  • "Show me high disk activity"

Context Mode Toggle

ON (Recommended):

  • Sends 500 most recent events to AI
  • Provides context for better analysis
  • Required for troubleshooting

OFF:

  • Question only, no events
  • Useful for general questions
  • Faster responses

Quick Action Buttons

Pre-configured prompts for common tasks:

  • Analyze Recent Activity - Overview of last 100 events
  • Find Repeated Errors - Identifies patterns
  • Process Activity - Shows what's generating most events

Interactive Troubleshooting Flow

When the correlation engine can't find events (because the issue hasn't been reproduced yet):

  1. You: "My Discord shortcut isn't working"
  2. AI: "I don't see Discord events. Please double-click your shortcut RIGHT NOW, wait 3 seconds, then type 'done'"
  3. You: (clicks shortcut)
  4. You: "done"
  5. AI: (Analyzes fresh events and diagnoses the problem)

Monitoring Configuration

Quick Profiles

Minimal Impact (Low Performance Overhead)

  • Registry: ✓
  • Process: ✓
  • File System: ✗
  • Network: ✗
  • ~150 events/sec

Balanced (Recommended)

  • Registry: ✓
  • Process: ✓
  • File System: ✓
  • Network: ✗
  • ~650 events/sec

Maximum Visibility (High Performance Overhead)

  • All enabled
  • ~950 events/sec
  • Use only when actively troubleshooting

Individual Provider Controls

Each provider has:

  • Toggle - Enable/disable
  • Description - What it captures
  • Impact indicator - Performance overhead

Best Practice: Enable only what you need, when you need it.

Monitoring Strategy

🎯 Daily Use (Proactive)

Minimal Impact profile

  • Registry: ON
  • Process: ON
  • File System: OFF
  • Network: OFF
  • Low overhead (~150 events/sec)
  • Catches crashes, permission issues
  • Can run all day

🔧 Active Troubleshooting (Reactive)

Maximum Visibility profile

  • All providers: ON
  • High overhead (~950 events/sec)
  • Only enable when reproducing issues
  • Disable when done

🎮 Gaming/Performance Critical

Turn monitoring OFF

  • Zero overhead
  • Enable only when diagnosing game issues

System Analysis & Events

System Analysis Features

Purpose: Deep-dive analysis of captured events with AI insights.

  1. Event Analysis
    • Shows top processes by activity
    • Groups events by type
    • Identifies anomalies
  2. Pattern Detection
    • Repeated errors
    • Failed operations
    • Performance bottlenecks
  3. AI Insights (if configured)
    • Automatic analysis of detected patterns
    • Recommendations
    • Root cause identification

Events Page

Real-time event viewer with filtering and search.

Columns

  • Timestamp - When the event occurred
  • Type - FileSystem, Registry, Process, Network
  • Process - Which application generated it
  • Operation - What action (Read, Write, Create, etc.)
  • Path/Details - Target file, registry key, etc.
  • Result - SUCCESS, ACCESS_DENIED, ERROR, etc.

Filters

  • By Type - Show only File/Registry/Process/Network
  • By Process - Filter to specific application
  • By Result - Show only errors/failures
  • Search - Find specific paths or keywords

Common Patterns to Look For

Application Not Launching

  • Look for ACCESS_DENIED on .exe files
  • Check for missing DLL files (NAME_NOT_FOUND)
  • Registry permission errors

Performance Issues

  • High event count from single process
  • Repeated file access to same location
  • Registry query loops

Network Problems

  • TcpConnect failures
  • DNS resolution errors
  • Connection timeouts
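
As an added example (not ET Ducky's own code), the patterns above can be checked mechanically against exported events. The CSV layout, the `triage` function, its `loop_threshold` parameter and the sample rows are assumptions constructed for illustration; this page does not document the export format.

```python
import csv
import io
from collections import Counter

# Constructed sample in an ASSUMED CSV layout that mirrors the Events page
# columns; ET Ducky's real export format is not documented on this page.
SAMPLE = r"""Timestamp,Type,Process,Operation,Path,Result
2025-01-10T09:00:00.101,FileSystem,explorer.exe,Create,C:\Apps\Demo\demo.exe,ACCESS_DENIED
2025-01-10T09:00:00.140,FileSystem,demo.exe,Read,C:\Apps\Demo\helper.dll,NAME_NOT_FOUND
2025-01-10T09:00:00.150,FileSystem,demo.exe,Read,C:\Windows\System32\helper.dll,NAME_NOT_FOUND
2025-01-10T09:00:00.200,Registry,demo.exe,Query,HKCU\Software\Demo\Settings,SUCCESS
2025-01-10T09:00:00.210,Registry,demo.exe,Query,HKCU\Software\Demo\Settings,SUCCESS
2025-01-10T09:00:00.220,Registry,demo.exe,Query,HKCU\Software\Demo\Settings,SUCCESS
2025-01-10T09:00:00.230,Registry,demo.exe,Write,HKLM\Software\Demo,ACCESS_DENIED
2025-01-10T09:00:00.300,Network,demo.exe,TcpConnect,203.0.113.10:443,ERROR
2025-01-10T09:00:00.400,Process,svchost.exe,Start,C:\Windows\System32\svchost.exe,SUCCESS
"""

def triage(csv_text, loop_threshold=3):
    """Return (findings, per-process event counts) for the patterns listed above."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    repeats = Counter()
    for r in rows:
        path, result = r["Path"], r["Result"]
        lower = path.lower()
        if result == "ACCESS_DENIED" and lower.endswith(".exe"):
            findings.append(("exe_access_denied", r["Process"], path))
        elif result == "NAME_NOT_FOUND" and lower.endswith(".dll"):
            findings.append(("dll_not_found", r["Process"], path))
        elif result == "ACCESS_DENIED" and r["Type"] == "Registry":
            findings.append(("registry_permission", r["Process"], path))
        elif r["Operation"] == "TcpConnect" and result != "SUCCESS":
            findings.append(("tcp_connect_failed", r["Process"], path))
        # Count identical (process, operation, target) tuples to spot loops.
        repeats[(r["Process"], r["Operation"], path)] += 1
    for (proc, op, path), n in repeats.items():
        if n >= loop_threshold:
            findings.append(("repeated_access", proc, path))
    return findings, Counter(r["Process"] for r in rows)

if __name__ == "__main__":
    found, per_process = triage(SAMPLE)
    for kind, proc, path in found:
        print(f"{kind:20} {proc:14} {path}")
    print("busiest:", per_process.most_common(1))
```

The per-process counter covers the "high event count from single process" pattern; raise `loop_threshold` for real captures, where a few repeated registry queries are normal.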

Subscription & BYOK

Cloud AI Subscription Tiers

Tier | Price/Month | Queries/Month | Best For
Professional | $39 | 1,000 | IT professionals, frequent use
Business | $99 | 5,000 | Small teams
Enterprise | $249 | 50,000 | MSPs, enterprise IT teams

BYOK Configuration

Navigate to Settings → AI Configuration

Claude (Anthropic)

  • API Key: sk-ant-...
  • Model: claude-haiku-4-5-20251001 (recommended)
  • Model: claude-sonnet-4-5-20250929 (more powerful)

ChatGPT (OpenAI)

  • API Key: sk-proj-...
  • Model: gpt-4o-mini (recommended for speed/cost)
  • Model: gpt-4o (more powerful)

Azure OpenAI (Copilot)

  • API Key: Your Azure API key
  • Endpoint: Your deployment endpoint
  • Deployment: Your model deployment name

Subscription Management

Auto-Detection

  • Dashboard automatically detects active subscription on launch
  • No need to manually "activate"
  • Refresh button (⟳) to manually re-check

Usage Tracking

  • Check remaining queries in Account page
  • Queries reset monthly
  • Enterprise tier = unlimited

Troubleshooting Workflows

Common Scenarios Quick Reference

"My app crashed"

  1. ✅ Process monitoring: ON
  2. ✅ Start monitoring
  3. ✅ Launch app
  4. ✅ Wait for crash
  5. ✅ AI: "My [app] crashed, can you analyze what happened?"

"File won't open"

  1. ✅ File System: ON
  2. ✅ Start monitoring
  3. ✅ Try to open file
  4. ✅ AI: "I can't open [file/file type] in [app]"

"Slow performance"

  1. ✅ All providers: ON
  2. ✅ Monitor for 2 minutes during slowness
  3. ✅ AI: "What processes are bottlenecking my system?"

"Network not connecting"

  1. ✅ Network: ON, Process: ON
  2. ✅ Start monitoring
  3. ✅ Reproduce connection attempt
  4. ✅ AI: "Can't connect to [service]"

"Installation failed"

  1. ✅ All providers: ON
  2. ✅ Start monitoring BEFORE installer
  3. ✅ Run installer
  4. ✅ AI: "[Software] installation failed with error [code]"

Generic Troubleshooting Workflow

  1. Enable Monitoring
    • Dashboard → Select appropriate profile or individual providers
    • Click "Start Monitoring"
    • Verify green status indicator
  2. Reproduce Issue
    • Perform the action that causes the problem
    • Wait 5-10 seconds to capture related events
    • Stop monitoring if needed
  3. AI Analysis
    • AI Assistant: "Show me any repeated errors or failures in the recent events"
    • Review pattern analysis
    • Ask follow-up: "What's causing [repeated error]?"
  4. Prevention
    • Follow AI remediation steps
    • Monitor again to verify fix
    • Consider root cause hardening recommendations

Tips & Best Practices

AI Assistant Tips

❌ Don't:

  • "Something is wrong with my computer" (too vague)
  • Ask without monitoring enabled
  • Expect diagnosis without reproducing issue

✅ Do:

  • "My Discord shortcut doesn't launch the window" (specific)
  • Start monitoring BEFORE reproducing issue
  • Follow interactive instructions exactly
  • Type "done" after reproducing when AI asks

Combining Providers for Specific Issues

App Crashes

  • Process: ON (catch the crash)
  • File System: ON (missing files?)
  • Registry: ON (corrupted config?)
  • Network: OFF (not needed)

Network Debugging

  • Network: ON (connections)
  • Process: ON (which app?)
  • File System: OFF
  • Registry: OFF

Installation Analysis

  • ALL providers: ON (comprehensive view)

Event Count Interpretation

Events/Sec | Interpretation | Action
0-100 | System idle | Normal
100-500 | Light activity | Normal
500-1000 | Moderate activity | Monitor if sustained
1000-2000 | Heavy activity | Check System Analysis
2000+ | Runaway process | Investigate immediately

Smart Filtering Strategies

Find All Errors

Events Page → Filter by Result

  • ACCESS_DENIED
  • NAME_NOT_FOUND
  • ERROR
  • SHARING_VIOLATION

Isolate Specific App

Events Page → Filter by Process Name

  • Group related events
  • Look for patterns

Timeline Analysis

Events Page → Sort by Timestamp

  • Find exact moment problem occurred
  • See what happened before/after

Performance Optimization

If ET Ducky itself is slow:

  1. Stop monitoring when not needed
  2. Use Minimal Impact profile
  3. Clear old events (restart monitoring)
  4. Disable unused AI providers in Settings

Privacy Considerations

For sensitive environments:

  • Use BYOK instead of Cloud AI
  • Events never leave your machine with BYOK
  • File paths are visible in events (be aware)
  • Registry values are NOT captured (only keys)

The ET Ducky Method

  1. Enable relevant monitoring for your issue type
  2. Start monitoring BEFORE reproducing problem
  3. Reproduce the issue while capturing events
  4. Ask AI specific questions about what you observed
  5. Follow AI guidance through interactive troubleshooting
  6. Verify the fix worked by testing again
  7. Disable monitoring when done to save resources

Remember: ET Ducky is a diagnostic tool, not a magic fix button. It helps you understand WHAT is wrong and WHY, then guides you through fixing it. The more specific your questions and the better your event capture, the more accurate the diagnosis.

Getting Help

When Contacting Support

Include:

  1. ET Ducky version
  2. Windows version
  3. Screenshot of issue
  4. Steps to reproduce
  5. AI conversation history
  6. System Analysis screenshot

Support Channels

  • Email: support@etducky.com
  • In-App: Use AI Assistant for quick questions
  • Documentation: This page!

Pricing

Choose the plan that fits your needs

Free

$0 /month

Bring Your Own API Key

  • ✓ Full ETW monitoring
  • ✓ Use your own Claude API key
  • ✓ All core features
  • ✓ Unlimited sessions

Business

$99 /month

5000 Queries Per Month

  • ✓ Everything in Professional
  • ✓ Extended AI quota
  • ✓ Team collaboration
  • ✓ Advanced analytics
  • ✓ Dedicated support

Enterprise

$249 /month

50000 Queries Per Month

  • ✓ Everything in Business
  • ✓ Maximum AI quota
  • ✓ Custom integrations
  • ✓ SLA guarantee
  • ✓ White-glove support
