Summary

The Support Diagnostics Platform (SDP) manifest file is designed to collect relevant registry data, configuration files, and event log information to help troubleshoot common Forefront Client Security support issues. This article provides details on the data collected by the Forefront Client Security Troubleshooter.

More Information

This article describes the information that may be collected from a machine when running Forefront Client Security Troubleshooter.

Information Collected

Antimalware client support files

| Description | File Name |
| --- | --- |
| Application event entries of Forefront Client Security | `MPApplicationEvents.txt` |
| AM jobs in Network service context | `MpCmdRun-NetworkService.log` |
| AM jobs in System context | `MpCmdRun-System.log` |
| AM service log (RTP, perf, scans,…) | `MPLog-{Date}-{timestamp}.log` |
| Forefront Client Security registry information | `MPRegistry.txt` |
| Signature update information on install | `MpSigStub.Log` |
| Compressed support files | `MPSupportFiles.cab` |
| Software Explorer information | `MPSWE.txt` |
| System event entries of Forefront Client Security | `MPSystemEvents.txt` |
| Windows update log | `WindowsUpdate.log` |



AutoRuns Information

| Description | File Name |
| --- | --- |
| Autorun information | `{Computername}_Autoruns.htm`<br>`{Computername}_Autoruns.xml` |



Collecting Log Files

| Description | File Name |
| --- | --- |
| Security Center AV information | `{Computername}_SecurityCenter.txt` |
| Forefront Client Security Setup logs | `{Computername}_Clientsetup.log`<br>`{Computername}_FCSAM.log`<br>`{Computername}_FCSSSA.log` |
| Forefront Client Security Application data tree information | `{Computername}_FCS_APPDATA_TREE.log` |



Event Log files

| Description | File Name |
| --- | --- |
| Export of the Application event log | `{Computername}_evt_Application.csv`<br>`{Computername}_evt_Application.evt(x)`<br>`{Computername}_evt_Application.txt` |
| Export of the System event log | `{Computername}_evt_System.csv`<br>`{Computername}_evt_System.evt(x)`<br>`{Computername}_evt_System.txt` |



File Version Information (ChkSym)

| Description | File Name |
| --- | --- |
| Symbol verification for:<br>AM Client<br>AM Engine<br>SSA Client | `{Computername}_symAMClient_DIR.txt`<br>`{Computername}_symAMClient_DIR.csv`<br>`{Computername}_symAMEngine_DIR.txt`<br>`{Computername}_symAMEngine_DIR.csv`<br>`{Computername}_symSSAClient_DIR.txt`<br>`{Computername}_symSSAClient_DIR.csv` |



Installed Updates/Hotfixes

| Description | File Name |
| --- | --- |
| Installed updates history | `{Computername}_Hotfixes.csv`<br>`{Computername}_Hotfixes.txt`<br>`{Computername}_Hotfixes.htm` |



Registry Information

| Description | File Name |
| --- | --- |
| Registry Hive for keys pertaining to system information. Data gathered from<br>`Software\Microsoft\Windows NT\CurrentVersion`<br>`Software\Microsoft\Windows\CurrentVersion` | `{Computername}_reg_CurrentVersion.txt` |
| Registry Hive for keys pertaining to Installed Software. Data gathered from<br>`SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`<br>`SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix`<br>`SOFTWARE\Microsoft\Hotfix`<br>`SOFTWARE\Microsoft\Active Setup`<br>`SOFTWARE\Microsoft\Windows\CurrentVersion\Setup`<br>`SOFTWARE\Microsoft\Updates` | `{Computername}_reg_Software.txt` |
| Registry Hive for keys pertaining to policy information. Data gathered from<br>`HKCU\Software\Policies`<br>`HKLM\Software\Policies`<br>`HKCU\Software\Microsoft\Windows\CurrentVersion\Policies`<br>`HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies` | `{Computername}_reg_Policies.txt` |
| Registry Hive for keys pertaining to timezone information. Data gathered from<br>`SYSTEM\CurrentControlSet\Control\TimeZoneInformation`<br>`SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones` | `{Computername}_reg_TimeZone.txt` |
| Registry Hive for keys pertaining to services information. Data gathered from<br>`SYSTEM\CurrentControlSet\Services` | `{Computername}_Services_Key.txt` |
| Registry Hive for keys pertaining to Session Manager. Data gathered from<br>`SYSTEM\CurrentControlSet\Control\Session Manager` | `{Computername}_SessionManager_Key.txt` |
| Registry Hive for keys pertaining to OLE. Data gathered from<br>`Software\Microsoft\OLE` | `{Computername}_HKLM_OLE_Key.txt` |
| Registry Hive for keys pertaining to Forefront Client Security Policy. Data gathered from<br>`SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security` | `{Computername}_HKLM_Policies_ClientSecurity.txt` |
| Registry Hive for keys pertaining to Forefront Client Security configuration. Data gathered from<br>`SOFTWARE\Microsoft\Microsoft Forefront\Client Security` | `{Computername}_HKLM_ClientSecurity.txt` |
| Registry Hive for keys pertaining to Operations Manager configuration. Data gathered from<br>`Software\Microsoft\Microsoft Operations Manager`<br>`Software\Mission Critical Software` | `{Computername}_HKLM_MOM.txt` |
| Registry Hive for keys pertaining to Automatic Updates. Data gathered from<br>`Software\Microsoft\Windows\CurrentVersion\WindowsUpdate`<br>`SOFTWARE\Policies\Microsoft\windows\WindowsUpdate`<br>`HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate`<br>`HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate` | `{Computername}_WindowsUpdate.txt` |
| Registry Hive for keys pertaining to IE. Data gathered from<br>`HKLM\SOFTWARE\Microsoft\Internet Explorer`<br>`HKCU\SOFTWARE\Microsoft\Internet Explorer`<br>`HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE`<br>`HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`<br>`HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings`<br>`HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings`<br>`HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings`<br>`HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings`<br>`HKLM\Software\Microsoft\Internet Domains`<br>`HKLM\Software\Microsoft\Internet Connection Wizard`<br>`HKCU\Software\Microsoft\Internet Connection Wizard`<br>`HKLM\Software\Microsoft\Internet Account Manager`<br>`HKCU\Software\Microsoft\Internet Account Manager`<br>`HKLM\Software\Microsoft\IEAK`<br>`HKCU\Software\Microsoft\IEAK`<br>`HKCU\Software\Microsoft\IEAK6`<br>`HKLM\Software\Microsoft\IE Setup` | `{Computername}_IE.txt` |



Resultant Set of Policy (RSOP)

| Description | File Name |
| --- | --- |
| Policy information | `{Computername}_GPResult.txt` |



Security State Assessment

| Description | File Name |
| --- | --- |
| Security State Assessment trace(s) | `{Computername}_SSA_Log{id}.etl` |
| Security State Assessment result file | `{Computername}_{GUID}.xml` |



System Information

| Description | File Name |
| --- | --- |
| System information | `{Computername}_msinfo32.nfo`<br>`{Computername}_msinfo32.txt` |



System State Information

| Description | File Name |
| --- | --- |
| MPFilter information | `{Computername}_Fltmc.txt` |
| Scheduled tasks | `{Computername}_schtasks.csv`<br>`{Computername}_schtasks.txt` |
| Installed services | `{Computername}_SC_Services_Output.txt` |
| Running processes | `{Computername}_TaskList.txt` |
| Environment Variables | `{Computername}_EnvironmentVariables.txt` |



Virtualization Information

| Description | File Name |
| --- | --- |
| Virtualization information | `{Computername}_Virtualization.txt`<br>`{Computername}_Virtualization.htm` |

References

KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559
