Summary
The Support Diagnostics Platform (SDP) manifest file is designed to collect relevant registry data, configuration files, and event log information to help troubleshoot common Forefront Client Security support issues. This article provides details on the data collected by the Forefront Client Security Troubleshooter.
More Information
This article describes the information that may be collected from a machine when running Forefront Client Security Troubleshooter.
Information Collected
Antimalware client support files
| Description | File Name |
| --- | --- |
| Application event entries of Forefront Client Security | MPApplicationEvents.txt |
| AM jobs in Network service context | MpCmdRun-NetworkService.log |
| AM jobs in System context | MpCmdRun-System.log |
| AM service log (RTP, perf, scans, …) | MPLog-{Date}-{timestamp}.log |
| Forefront Client Security registry information | MPRegistry.txt |
| Signature update information on install | MpSigStub.Log |
| Compressed support files | MPSupportFiles.cab |
| Software Explorer information | MPSWE.txt |
| System event entries of Forefront Client Security | MPSystemEvents.txt |
| Windows update log | WindowsUpdate.log |
AutoRuns Information
| Description | File Name |
| --- | --- |
| Autorun information | {Computername}_Autoruns.htm, {Computername}_Autoruns.xml |
Collecting Log Files
| Description | File Name |
| --- | --- |
| Security Center AV information | {Computername}_SecurityCenter.txt |
| Forefront Client Security Setup logs | {Computername}_Clientsetup.log, {Computername}_FCSAM.log, {Computername}_FCSSSA.log |
| Forefront Client Security Application data tree information | {Computername}_FCS_APPDATA_TREE.log |
Event Log files
| Description | File Name |
| --- | --- |
| Export of the Application event log | {Computername}_evt_Application.csv, {Computername}_evt_Application.evt(x), {Computername}_evt_Application.txt |
| Export of the System event log | {Computername}_evt_System.csv, {Computername}_evt_System.evt(x), {Computername}_evt_System.txt |
File Version Information (ChkSym)
| Description | File Name |
| --- | --- |
| Symbol verification for: AM Client, AM Engine, SSA Client | {Computername}_symAMClient_DIR.txt, {Computername}_symAMClient_DIR.csv, {Computername}_symAMEngine_DIR.txt, {Computername}_symAMEngine_DIR.csv, {Computername}_symSSAClient_DIR.txt, {Computername}_symSSAClient_DIR.csv |
Installed Updates/Hotfixes
| Description | File Name |
| --- | --- |
| Installed updates history | {Computername}_Hotfixes.csv, {Computername}_Hotfixes.txt, {Computername}_Hotfixes.htm |
Registry Information
| Description | File Name |
| --- | --- |
| Registry Hive for keys pertaining to system information: Software\Microsoft\Windows NT\CurrentVersion; Software\Microsoft\Windows\CurrentVersion | {Computername}_reg_CurrentVersion.txt |
| Registry Hive for keys pertaining to Installed Software. Data gathered from SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall; SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix; SOFTWARE\Microsoft\Hotfix; SOFTWARE\Microsoft\Active Setup; SOFTWARE\Microsoft\Windows\CurrentVersion\Setup; SOFTWARE\Microsoft\Updates | {Computername}_reg_Software.txt |
| Registry Hive for keys pertaining to policy information. Data gathered from HKCU\Software\Policies; HKLM\Software\Policies; HKCU\Software\Microsoft\Windows\CurrentVersion\Policies; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies | {Computername}_reg_Policies.txt |
| Registry Hive for keys pertaining to timezone information. Data gathered from SYSTEM\CurrentControlSet\Control\TimeZoneInformation; SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | {Computername}_reg_TimeZone.txt |
| Registry Hive for keys pertaining to services information. Data gathered from SYSTEM\CurrentControlSet\Services | {Computername}_Services_Key.txt |
| Registry Hive for keys pertaining to Session Manager. Data gathered from SYSTEM\CurrentControlSet\Control\Session Manager | {Computername}_SessionManager_Key.txt |
| Registry Hive for keys pertaining to OLE. Data gathered from Software\Microsoft\OLE | {Computername}_HKLM_OLE_Key.txt |
| Registry Hive for keys pertaining to Forefront Client Security Policy. Data gathered from SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security | {Computername}_HKLM_Policies_ClientSecurity.txt |
| Registry Hive for keys pertaining to Forefront Client Security configuration. Data gathered from SOFTWARE\Microsoft\Microsoft Forefront\Client Security | {Computername}_HKLM_ClientSecurity.txt |
| Registry Hive for keys pertaining to Operations Manager configuration. Data gathered from Software\Microsoft\Microsoft Operations Manager; Software\Mission Critical Software | {Computername}_HKLM_MOM.txt |
| Registry Hive for keys pertaining to Automatic Updates. Data gathered from Software\Microsoft\Windows\CurrentVersion\WindowsUpdate; SOFTWARE\Policies\Microsoft\windows\WindowsUpdate; HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate; HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate | {Computername}_WindowsUpdate.txt |
| Registry Hive for keys pertaining to IE. Data gathered from HKLM\SOFTWARE\Microsoft\Internet Explorer; HKCU\SOFTWARE\Microsoft\Internet Explorer; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE; HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings; HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Microsoft\Internet Domains; HKLM\Software\Microsoft\Internet Connection Wizard; HKCU\Software\Microsoft\Internet Connection Wizard; HKLM\Software\Microsoft\Internet Account Manager; HKCU\Software\Microsoft\Internet Account Manager; HKLM\Software\Microsoft\IEAK; HKCU\Software\Microsoft\IEAK; HKCU\Software\Microsoft\IEAK6; HKLM\Software\Microsoft\IE Setup | {Computername}_IE.txt |
Resultant Set of Policy (RSOP)
| Description | File Name |
| --- | --- |
| Policy information | {Computername}_GPResult.txt |
Security State Assessment
| Description | File Name |
| --- | --- |
| Security State Assessment trace(s) | {Computername}_SSA_Log{id}.etl |
| Security State Assessment result file | {Computername}_{GUID}.xml |
System Information
| Description | File Name |
| --- | --- |
| System information | {Computername}_msinfo32.nfo, {Computername}_msinfo32.txt |
System State Information
| Description | File Name |
| --- | --- |
| MPFilter information | {Computername}_Fltmc.txt |
| Scheduled tasks | {Computername}_schtasks.csv, {Computername}_schtasks.txt |
| Installed services | {Computername}_SC_Services_Output.txt |
| Running processes | {Computername}_TaskList.txt |
| Environment Variables | {Computername}_EnvironmentVariables.txt |
Virtualization Information
| Description | File Name |
| --- | --- |
| Virtualization information | {Computername}_Virtualization.txt, {Computername}_Virtualization.htm |
References
KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7: http://support.microsoft.com/kb/973559