Operational logs
Applies To: Forefront Client Security
The client components generate various logs during operations. On client computers running Windows Vista™, these logs can be found in the following location:
ProgramData\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Support
On client computers running Microsoft Windows® XP and Windows Server 2003, these logs can be found in the following location:
Documents and Settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Support
These locations are hidden folders. To view them, you must allow your computer to display hidden folders.
To view hidden folders
In Control Panel, select Folder Options.
Click the View tab, select Show hidden files and folders, and then click OK.
The following table describes the files contained in the log file location.
| Log file | Description |
|---|---|
MPLog-daterange.log |
A log of scanned resources, threats detected, and signature update versions. Generated by the antimalware engine. |
MPRegistry.txt |
Lists current registry settings for Client Security. Generated by running the command MpCmdRun –Getfiles. |
MPSWE.txt |
Lists information from the Software Explorer tool in the Client Security interface. Generated by running the command MpCmdRun –Getfiles. |
MPApplicationEvents.txt |
Lists events generated by the antimalware component of Client Security, logged in the Application log of Event Viewer. Generated by running the command MpCmdRun –Getfiles. |
MPSystemEvents.txt |
Lists events generated by the antimalware component of Client Security. Gets the events from the System log of Event Viewer. Generated by running the command MpCmdRun –Getfiles. |
WindowsUpdate.log |
Lists Windows Update agent activity. Generated by running the command MpCmdRun –Getfiles. |
MpCmdRun-NetworkService.log |
Lists scheduled scans and signature updates done under the NetworkService security principal. Generated by running MpCmdRun –Getfiles. |
MpCmdRun-System.log |
Lists scheduled scans and signature updates done under the LocalSystem security principal. Generated by running the command MpCmdRun –Getfiles. |
MpSigStub.log |
Lists activity of the signature update component of the Antimalware Service. |
Running the command MpCmdRun -Getfiles also collects the files listed in the preceding table (with the exception of MPLog-daterange.log and MpSigStub.log) into an archive named MPSupportFiles.cab.