Summary

The Support Diagnostics Platform (SDP) manifest file is designed to collect relevant registry data, configuration files, and event log information to help troubleshoot common Forefront Client Security support issues. This article provides details on the data collected by the Forefront Client Security Troubleshooter.

More Information

This article describes the information that may be collected from a machine when running Forefront Client Security Troubleshooter.

Information Collected

Antimalware client support files

Description

File Name

Application event entries of Forefront Client Security

MPApplicationEvents.txt

AM jobs in Network service context

MpCmdRun-NetworkService.log

AM jobs in System context

MpCmdRun-System.log

AM service log (RTP, perf, scans,…)

MPLog-{Date}-{timestamp}.log

Forefront Client Security registry information

MPRegistry.txt

Signature update information on install

MpSigStub.Log

Compressed support files

MPSupportFiles.cab

Software Explorer information

MPSWE.txt

System event entries of Forefront Client Security

MPSystemEvents.txt

Windows update log

WindowsUpdate.log

AutoRuns Information

Description

File Name

Autorun information

{Computername}_Autoruns.htm
{Computername}_Autoruns.xml

Collecting Log Files

Description

File Name

Security Center AV information

{Computername}_SecurityCenter.txt

Forefront Client Security Setup logs

{Computername}_Clientsetup.log
{Computername}_FCSAM.log
{Computername}_FCSSSA.log

Forefront Client Security Application data tree information

{Computername}_FCS_APPDATA_TREE.log

Event Log files

Description

File Name

Export of the Application event log

{Computername}_evt _Application.csv
{Computername}_evt _Application.evt(x)
{Computername}_evt_Application.txt

Export of the System event log

{Computername}_evt_System.csv
{Computername}_evt_System.evt(x)
{Computername}_evt_System.txt

File Version Information (ChkSym)

Description

File Name

Symbol verification for: AM Client, AM Engine, SSA Client

{Computername}_symAMClient_DIR.txt
{Computername}_symAMClient_DIR.csv
{Computername}_symAMEngine_DIR.txt
{Computername}_symAMEngine_DIR-csv
{Computername}_symSSAClient_DIR.txt
{Computername}_symSSAClient_DIR.csv

Installed Updates/Hotfixes

Description

File Name

Installed updates history

{Computername}_Hotfixes.csv
{Computername}_Hotfixes.txt
{Computername}_Hotfixes.htm

Registry Information

Description

File Name

Registry Hive for keys pertaining to system information:
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion

{Computername}_reg_CurrentVersion.txt

Registry Hive for keys pertaining to Installed Software. Data gathered from:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix
SOFTWARE\Microsoft\Hotfix
SOFTWARE\Microsoft\Active Setup
SOFTWARE\Microsoft\Active Setup
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SOFTWARE\Microsoft\Updates

{Computername}_reg_Software.txt

Registry Hive for keys pertaining to policy information. Data gathered from:
HKCU\Software\Policies
HKLM\Software\Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies

{Computername}_reg_Policies.txt

Registry Hive for keys pertaining to timezone information. Data gathered from:
SYSTEM\CurrentControlSet\Control\TimeZoneInformation
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

{Computername}_reg_TimeZone.txt

Registry Hive for keys pertaining to services information. Data gathered from SYSTEM\CurrentControlSet\Services

{Computername}_Services_Key.txt

Registry Hive for keys pertaining to Session Manager. Data gathered from SYSTEM\CurrentControlSet\Control\Session Manager

{Computername}_SessionManager_Key.txt

Registry Hive for keys pertaining to OLE. Data gathered from Software\Microsoft\OLE

{Computername}_HKLM_OLE_Key.txt

Registry Hive for keys pertaining to Forefront Client Security Policy. Data gathered from SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security

{Computername}_HKLM_Policies_ClientSecurity.txt

Registry Hive for keys pertaining to Forefront Client Security configuration. Data gathered from SOFTWARE\Microsoft\Microsoft Forefront\Client Security

{Computername}_HKLM_ClientSecurity.txt

Registry Hive for keys pertaining to Operations Manager configuration. Data gathered from:
Software\Microsoft\Microsoft Operations Manager
Software\Mission Critical Software

{Computername}_HKLM_MOM.txt

Registry Hive for keys pertaining to Automatic Updates. Data gathered from:
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
SOFTWARE\Policies\Microsoft\windows\WindowsUpdate
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate

{Computername}_WindowsUpdate.txt

Registry Hive for keys pertaining to IE. Data gathered from:
HKLM\SOFTWARE\Microsoft\Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Internet Domains
HKLM\Software\Microsoft\Internet Connection Wizard
HKCU\Software\Microsoft\Internet Connection Wizard
HKLM\Software\Microsoft\Internet Account Manager
HKCU\Software\Microsoft\Internet Account Manager
HKLM\Software\Microsoft\IEAK
HKCU\Software\Microsoft\IEAK
HKCU\Software\Microsoft\IEAK6
HKLM\Software\Microsoft\IE Setup

{Computername}_IE.txt

Resultant Set of Policy (RSOP)

Description

File Name

Policy information

{Computername}_GPResult.txt

Security State Assessment

Description

File Name

Security State Assessment trace(s)

{Computername}_SSA_Log{id}.etl

Security State Assessment result file

{Computername}_{GUID}.xml

System Information

Description

File Name

System information

{Computername}_msinfo32.nfo
{Computername}_msinfo32.txt

System State Information

Description

File Name

MPFilter information

{Computername}_Fltmc.txt

Scheduled tasks

{Computername}_schtasks.csv
{Computername}_schtasks.txt

Installed services

{Computername}_SC_Services_Output.txt

Running processes

{Computername}_TaskList.txt

Environment Variables

{Computername}_EnvironmentVariables.txt

Virtualization Information

Description

File Name

Virtualization information

{Computername}_Virtualization.txt
{Computername}_Virtualization.htm

References

KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559
