FEP Log Files
Applies To: Forefront Endpoint Protection
Forefront Endpoint Protection (FEP) creates log files both during the installation on your Configuration Manager server and during day-to-day operations.
FEP Server Installation Log Files
The installation log files are listed below.
| Log file name | Description |
|---|---|
FEPExt_xxx_xxx.log |
FEP site server extensions |
FepReport_xxx_xxx.log |
FEP Reporting Components |
FEPUX_xxx_xxx.log |
FEP Console Extensions |
ServerSetup_xxx_xxx.log |
FEP Setup |
You can find FEP server installation log files in the following location:
If you installed FEP on Windows Server 2003:
%AllUsersProfile%\Application Data\Microsoft Forefront\Support\Server
If you installed FEP on Windows Server 2008:
%ProgramData%\Microsoft Forefront\Support\Server
The file names use the following format:
LogFileName_Date_Time.log
where the following is true:
LogFileName is the name of the log file.
Date is the day, month, and year the log was created, in the format DDMMYYY.
Time is the hour, minute, and second the log file was created, in the format HHMMSS.
FEP Server Operational Log Files
The following table lists the log files in which FEP stores operational information.
| Log file name | Description |
|---|---|
SmsAdminUI.log |
FEP stores console-related information in this Configuration Manager console log file. It can be found in C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\AdminUILog. For more information about this log file, see Troubleshooting Configuration Manager Console Issues (https://go.microsoft.com/fwlink/?LinkId=207567) in the Configuration Manager documentation. |
FepServiceTrace.etl |
FEP service tracing log file. This file, stored in %ProgramData%\Microsoft Forefront\Support\, contains binary information typically only useful to product support personnel. |
FEP Client Software Installation Log Files
The FEP client software creates log files both during installation and during day-to-day operations.
The following table lists setup log files and the components with which they are associated.
| Log file name | Description |
|---|---|
EppSetup.log |
Master setup log file. |
MSSecurityClient_Setup_epp_install.log |
User interface and management extension setup log file. |
MSSecurityClient_Setup_FEP_install.log |
Configuration Manager management extensions setup log file. |
MSSecurityClient_Setup_mp_ambits_install.log |
Antimalware service setup log file. |
MSSecurityClient_Setup_epploc_x86_Install or MSSecurityClient_Setup_epploc_x64_Install |
Localized resources installation log file (specific to the architecture on the client computer). |
MSSecurityClient_Setup_amloc-%locale%_install |
Log file for installation of localized resources for the antimalware service. %locale% represents the locale for which the install was performed. |
MSSecurityClient_Setup_KB981889_Install.evtx |
The log file for Windows patch installation KB981889. Only present on Windows 7 or Windows Server 2008 R2. |
MSSecurityClient_Setup_dw20shared_Install.log |
Log file for installation of Dr. Watson (only installed on computers running Windows XP and only if not already present). |
You can find FEP client installation log files in the following location:
%allusersprofile%\Microsoft\Microsoft Antimalware\Support—Log files specific for the antimalware service.
%allusersprofile%\Microsoft\Microsoft Security Client\Support—Log files specific for the FEP client software.
%windir%\WindowsUpdate.log—Windows Update log files, which include information about definition updates.