[SDP 3][f6b23c08-0cf9-4645-9331-ca7dceec9c8c] Forefront Client Security Diagnostic


Summary

The Support Diagnostics Platform (SDP) manifest file is designed to collect relevant registry data, configuration files, and event log information to help troubleshoot common Forefront Client Security support issues. This article provides details on the data collected by the Forefront Client Security Troubleshooter.


More Information

This article describes the information that may be collected from a machine when the Forefront Client Security Troubleshooter is run.

Information Collected

Antimalware client support files
| Description | File Name |
| --- | --- |
| Application event entries of Forefront Client Security | MPApplicationEvents.txt |
| AM jobs in Network service context | MpCmdRun-NetworkService.log |
| AM jobs in System context | MpCmdRun-System.log |
| AM service log (RTP, perf, scans,…) | MPLog-{Date}-{timestamp}.log |
| Forefront Client Security registry information | MPRegistry.txt |
| Signature update information on install | MpSigStub.Log |
| Compressed support files | MPSupportFiles.cab |
| Software Explorer information | MPSWE.txt |
| System event entries of Forefront Client Security | MPSystemEvents.txt |
| Windows update log | WindowsUpdate.log |


AutoRuns Information
| Description | File Name |
| --- | --- |
| Autorun information | {Computername}_Autoruns.htm; {Computername}_Autoruns.xml |


Collecting Log Files
| Description | File Name |
| --- | --- |
| Security Center AV information | {Computername}_SecurityCenter.txt |
| Forefront Client Security Setup logs | {Computername}_Clientsetup.log; {Computername}_FCSAM.log; {Computername}_FCSSSA.log |
| Forefront Client Security Application data tree information | {Computername}_FCS_APPDATA_TREE.log |


Event Log files
| Description | File Name |
| --- | --- |
| Export of the Application event log | {Computername}_evt_Application.csv; {Computername}_evt_Application.evt(x); {Computername}_evt_Application.txt |
| Export of the System event log | {Computername}_evt_System.csv; {Computername}_evt_System.evt(x); {Computername}_evt_System.txt |


File Version Information (ChkSym)
| Description | File Name |
| --- | --- |
| Symbol verification for: AM Client; AM Engine; SSA Client | {Computername}_symAMClient_DIR.txt; {Computername}_symAMClient_DIR.csv; {Computername}_symAMEngine_DIR.txt; {Computername}_symAMEngine_DIR.csv; {Computername}_symSSAClient_DIR.txt; {Computername}_symSSAClient_DIR.csv |


Installed Updates/Hotfixes
| Description | File Name |
| --- | --- |
| Installed updates history | {Computername}_Hotfixes.csv; {Computername}_Hotfixes.txt; {Computername}_Hotfixes.htm |


Registry Information
| Description | File Name |
| --- | --- |
| Registry hive for keys pertaining to system information. Data gathered from: Software\Microsoft\Windows NT\CurrentVersion; Software\Microsoft\Windows\CurrentVersion | {Computername}_reg_CurrentVersion.txt |
| Registry hive for keys pertaining to installed software. Data gathered from: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall; SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix; SOFTWARE\Microsoft\Hotfix; SOFTWARE\Microsoft\Active Setup; SOFTWARE\Microsoft\Windows\CurrentVersion\Setup; SOFTWARE\Microsoft\Updates | {Computername}_reg_Software.txt |
| Registry hive for keys pertaining to policy information. Data gathered from: HKCU\Software\Policies; HKLM\Software\Policies; HKCU\Software\Microsoft\Windows\CurrentVersion\Policies; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies | {Computername}_reg_Policies.txt |
| Registry hive for keys pertaining to timezone information. Data gathered from: SYSTEM\CurrentControlSet\Control\TimeZoneInformation; SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | {Computername}_reg_TimeZone.txt |
| Registry hive for keys pertaining to services information. Data gathered from: SYSTEM\CurrentControlSet\Services | {Computername}_Services_Key.txt |
| Registry hive for keys pertaining to Session Manager. Data gathered from: SYSTEM\CurrentControlSet\Control\Session Manager | {Computername}_SessionManager_Key.txt |
| Registry hive for keys pertaining to OLE. Data gathered from: Software\Microsoft\OLE | {Computername}_HKLM_OLE_Key.txt |
| Registry hive for keys pertaining to Forefront Client Security policy. Data gathered from: SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security | {Computername}_HKLM_Policies_ClientSecurity.txt |
| Registry hive for keys pertaining to Forefront Client Security configuration. Data gathered from: SOFTWARE\Microsoft\Microsoft Forefront\Client Security | {Computername}_HKLM_ClientSecurity.txt |
| Registry hive for keys pertaining to Operations Manager configuration. Data gathered from: Software\Microsoft\Microsoft Operations Manager; Software\Mission Critical Software | {Computername}_HKLM_MOM.txt |
| Registry hive for keys pertaining to Automatic Updates. Data gathered from: Software\Microsoft\Windows\CurrentVersion\WindowsUpdate; SOFTWARE\Policies\Microsoft\windows\WindowsUpdate; HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate; HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate | {Computername}_WindowsUpdate.txt |
| Registry hive for keys pertaining to IE. Data gathered from: HKLM\SOFTWARE\Microsoft\Internet Explorer; HKCU\SOFTWARE\Microsoft\Internet Explorer; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE; HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings; HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings; HKLM\Software\Microsoft\Internet Domains; HKLM\Software\Microsoft\Internet Connection Wizard; HKCU\Software\Microsoft\Internet Connection Wizard; HKLM\Software\Microsoft\Internet Account Manager; HKCU\Software\Microsoft\Internet Account Manager; HKLM\Software\Microsoft\IEAK; HKCU\Software\Microsoft\IEAK; HKCU\Software\Microsoft\IEAK6; HKLM\Software\Microsoft\IE Setup | {Computername}_IE.txt |


Resultant Set of Policy (RSOP)
| Description | File Name |
| --- | --- |
| Policy information | {Computername}_GPResult.txt |


Security State Assessment
| Description | File Name |
| --- | --- |
| Security State Assessment trace(s) | {Computername}_SSA_Log{id}.etl |
| Security State Assessment result file | {Computername}_{GUID}.xml |


System Information
| Description | File Name |
| --- | --- |
| System information | {Computername}_msinfo32.nfo; {Computername}_msinfo32.txt |


System State Information
| Description | File Name |
| --- | --- |
| MPFilter information | {Computername}_Fltmc.txt |
| Scheduled tasks | {Computername}_schtasks.csv; {Computername}_schtasks.txt |
| Installed services | {Computername}_SC_Services_Output.txt |
| Running processes | {Computername}_TaskList.txt |
| Environment Variables | {Computername}_EnvironmentVariables.txt |


Virtualization Information
| Description | File Name |
| --- | --- |
| Virtualization information | {Computername}_Virtualization.txt; {Computername}_Virtualization.htm |

References

KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559

Article Info
Article ID : 2682459
Revision : 1
Created on : 1/7/2017
Published on : 8/24/2012
Exists online : False