Summary
The Support Diagnostics Platform (SDP) manifest file is designed to collect relevant registry data, configuration files, and event log information to help troubleshoot common Forefront Client Security support issues. This article provides details on the data collected by the Forefront Client Security Troubleshooter.
More Information
This article describes the information that may be collected from a machine when running Forefront Client Security Troubleshooter.
Information Collected
Antimalware client support files
Description | File Name
Application event entries of Forefront Client Security | MPApplicationEvents.txt
AM jobs in Network service context | MpCmdRun-NetworkService.log
AM jobs in System context | MpCmdRun-System.log
AM service log (RTP, perf, scans,…) | MPLog-{Date}-{timestamp}.log
Forefront Client Security registry information | MPRegistry.txt
Signature update information on install | MpSigStub.Log
Compressed support files | MPSupportFiles.cab
Software Explorer information | MPSWE.txt
System event entries of Forefront Client Security | MPSystemEvents.txt
Windows update log | WindowsUpdate.log
AutoRuns Information
Description | File Name
Autorun information | {Computername}_Autoruns.htm
Collecting Log Files
Description | File Name
Security Center AV information | {Computername}_SecurityCenter.txt
Forefront Client Security Setup logs | {Computername}_Clientsetup.log
Forefront Client Security Application data tree information | {Computername}_FCS_APPDATA_TREE.log
Event Log files
Description | File Name
Export of the Application event log | {Computername}_evt_Application.csv
Export of the System event log | {Computername}_evt_System.csv
File Version Information (ChkSym)
Description | File Name
Symbol verification for: | {Computername}_symAMClient_DIR.txt
Installed Updates/Hotfixes
Description | File Name
Installed updates history | {Computername}_Hotfixes.csv
Registry Information
Description | File Name
Registry Hive for keys pertaining to system information | {Computername}_reg_CurrentVersion.txt
Registry Hive for keys pertaining to Installed Software. Data gathered from SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | {Computername}_reg_Software.txt
Registry Hive for keys pertaining to policy information. Data gathered from | {Computername}_reg_Policies.txt
Registry Hive for keys pertaining to timezone information. Data gathered from SYSTEM\CurrentControlSet\Control\TimeZoneInformation | {Computername}_reg_TimeZone.txt
Registry Hive for keys pertaining to services information. Data gathered from SYSTEM\CurrentControlSet\Services | {Computername}_Services_Key.txt
Registry Hive for keys pertaining to Session Manager. Data gathered from | {Computername}_SessionManager_Key.txt
Registry Hive for keys pertaining to OLE. | {Computername}_HKLM_OLE_Key.txt
Registry Hive for keys pertaining to Forefront Client Security Policy. Data gathered from | {Computername}_HKLM_Policies_ClientSecurity.txt
Registry Hive for keys pertaining to Forefront Client Security configuration. Data gathered from | {Computername}_HKLM_ClientSecurity.txt
Registry Hive for keys pertaining to Operations Manager configuration. Data gathered from | {Computername}_HKLM_MOM.txt
Registry Hive for keys pertaining to Automatic Updates | {Computername}_WindowsUpdate.txt
Registry Hive for keys pertaining to IE | {Computername}_IE.txt
Resultant Set of Policy (RSOP)
Description | File Name
Policy information | {Computername}_GPResult.txt
Security State Assessment
Description | File Name
Security State Assessment trace(s) | {Computername}_SSA_Log{id}.etl
Security State Assessment result file | {Computername}_{GUID}.xml
System Information
Description | File Name
System information | {Computername}_msinfo32.nfo
System State Information
Description | File Name
MPFilter information | {Computername}_Fltmc.txt
Scheduled tasks | {Computername}_schtasks.csv
Installed services | {Computername}_SC_Services_Output.txt
Running processes | {Computername}_TaskList.txt
Environment Variables | {Computername}_EnvironmentVariables.txt
Virtualization Information
Description | File Name
Virtualization information | {Computername}_Virtualization.txt
References
KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559