Summary
The Support Diagnostics Platform (SDP) manifest file is designed to collect relevant registry data, configuration files, and event log information to help troubleshoot common Forefront Client Security support issues. This article provides details on the data collected by the Forefront Client Security Troubleshooter.
More Information
This article describes the information that may be collected from a machine when running Forefront Client Security Troubleshooter.
Information Collected
Antimalware client support files

| Description | File Name |
| --- | --- |
| Application event entries of Forefront Client Security | MPApplicationEvents.txt |
| AM jobs in Network service context | MpCmdRun-NetworkService.log |
| AM jobs in System context | MpCmdRun-System.log |
| AM service log (RTP, perf, scans,…) | MPLog-{Date}-{timestamp}.log |
| Forefront Client Security registry information | MPRegistry.txt |
| Signature update information on install | MpSigStub.Log |
| Compressed support files | MPSupportFiles.cab |
| Software Explorer information | MPSWE.txt |
| System event entries of Forefront Client Security | MPSystemEvents.txt |
| Windows update log | WindowsUpdate.log |

AutoRuns Information

| Description | File Name |
| --- | --- |
| Autorun information | {Computername}_Autoruns.htm; {Computername}_Autoruns.xml |

Collecting Log Files

| Description | File Name |
| --- | --- |
| Security Center AV information | {Computername}_SecurityCenter.txt |
| Forefront Client Security Setup logs | {Computername}_Clientsetup.log; {Computername}_FCSAM.log; {Computername}_FCSSSA.log |
| Forefront Client Security Application data tree information | {Computername}_FCS_APPDATA_TREE.log |

Event Log files

| Description | File Name |
| --- | --- |
| Export of the Application event log | {Computername}_evt_Application.csv; {Computername}_evt_Application.evt(x); {Computername}_evt_Application.txt |
| Export of the System event log | {Computername}_evt_System.csv; {Computername}_evt_System.evt(x); {Computername}_evt_System.txt |

File Version Information (ChkSym)

| Description | File Name |
| --- | --- |
| Symbol verification for: AM Client; AM Engine; SSA Client | {Computername}_symAMClient_DIR.txt; {Computername}_symAMClient_DIR.csv; {Computername}_symAMEngine_DIR.txt; {Computername}_symAMEngine_DIR.csv; {Computername}_symSSAClient_DIR.txt; {Computername}_symSSAClient_DIR.csv |

Installed Updates/Hotfixes

| Description | File Name |
| --- | --- |
| Installed updates history | {Computername}_Hotfixes.csv; {Computername}_Hotfixes.txt; {Computername}_Hotfixes.htm |

Registry Information

| Description | File Name |
| --- | --- |
| Registry hive for keys pertaining to system information: Software\Microsoft\Windows NT\CurrentVersion; Software\Microsoft\Windows\CurrentVersion | {Computername}_reg_CurrentVersion.txt |
| Registry hive for keys pertaining to installed software. Data gathered from: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall; SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix; SOFTWARE\Microsoft\Hotfix; SOFTWARE\Microsoft\Active Setup; SOFTWARE\Microsoft\Active Setup; SOFTWARE\Microsoft\Windows\CurrentVersion\Setup; SOFTWARE\Microsoft\Updates | {Computername}_reg_Software.txt |
| Registry hive for keys pertaining to policy information. Data gathered from: HKCU\Software\Policies; HKLM\Software\Policies; HKCU\Software\Microsoft\Windows\CurrentVersion\Policies; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies | {Computername}_reg_Policies.txt |
| Registry hive for keys pertaining to time zone information. Data gathered from: SYSTEM\CurrentControlSet\Control\TimeZoneInformation; SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | {Computername}_reg_TimeZone.txt |
| Registry hive for keys pertaining to services information. Data gathered from: SYSTEM\CurrentControlSet\Services | {Computername}_Services_Key.txt |
| Registry hive for keys pertaining to Session Manager. Data gathered from: SYSTEM\CurrentControlSet\Control\Session Manager | {Computername}_SessionManager_Key.txt |
| Registry hive for keys pertaining to OLE. Data gathered from: Software\Microsoft\OLE | {Computername}_HKLM_OLE_Key.txt |
| Registry hive for keys pertaining to Forefront Client Security policy. Data gathered from: SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security | {Computername}_HKLM_Policies_ClientSecurity.txt |
| Registry hive for keys pertaining to Forefront Client Security configuration. Data gathered from: SOFTWARE\Microsoft\Microsoft Forefront\Client Security | {Computername}_HKLM_ClientSecurity.txt |
| Registry hive for keys pertaining to Operations Manager configuration. Data gathered from: Software\Microsoft\Microsoft Operations Manager; Software\Mission Critical Software | {Computername}_HKLM_MOM.txt |
| Registry hive for keys pertaining to Automatic Updates. Data gathered from: Software\Microsoft\Windows\CurrentVersion\WindowsUpdate; SOFTWARE\Policies\Microsoft\windows\WindowsUpdate; HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate; HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate | {Computername}_WindowsUpdate.txt |
| Registry hive for keys pertaining to IE. Data gathered from: HKLM\SOFTWARE\Microsoft\Internet Explorer; HKCU\SOFTWARE\Microsoft\Internet Explorer; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE; HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings; HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Microsoft\Internet Domains; HKLM\Software\Microsoft\Internet Connection Wizard; HKCU\Software\Microsoft\Internet Connection Wizard; HKLM\Software\Microsoft\Internet Account Manager; HKCU\Software\Microsoft\Internet Account Manager; HKLM\Software\Microsoft\IEAK; HKCU\Software\Microsoft\IEAK; HKCU\Software\Microsoft\IEAK6; HKLM\Software\Microsoft\IE Setup | {Computername}_IE.txt |

Resultant Set of Policy (RSOP)

| Description | File Name |
| --- | --- |
| Policy information | {Computername}_GPResult.txt |

Security State Assessment

| Description | File Name |
| --- | --- |
| Security State Assessment trace(s) | {Computername}_SSA_Log{id}.etl |
| Security State Assessment result file | {Computername}_{GUID}.xml |

System Information

| Description | File Name |
| --- | --- |
| System information | {Computername}_msinfo32.nfo; {Computername}_msinfo32.txt |

System State Information

| Description | File Name |
| --- | --- |
| MPFilter information | {Computername}_Fltmc.txt |
| Scheduled tasks | {Computername}_schtasks.csv; {Computername}_schtasks.txt |
| Installed services | {Computername}_SC_Services_Output.txt |
| Running processes | {Computername}_TaskList.txt |
| Environment Variables | {Computername}_EnvironmentVariables.txt |

Virtualization Information

| Description | File Name |
| --- | --- |
| Virtualization information | {Computername}_Virtualization.txt; {Computername}_Virtualization.htm |

References
KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559