
Using the MscSupport tool to collect data for troubleshooting

February 1st, 2011


The MscSupport tool collects support data for troubleshooting Forefront Endpoint Protection. You can download the tool from the Forefront Endpoint Protection 2010 Tools download page.

When to use the MscSupport tool

MscSupport is a troubleshooting tool, so you only need to run it when you have a problem with Forefront Endpoint Protection.
Even then, you don't need to run it on every occasion. Typically you need to collect the MscSupport data in the following scenarios:

  • Remote online troubleshooting is difficult
  • The cause of the problem is not clear
  • You have a Support case with Microsoft

What data does the tool collect

The data collected depends on the system you run the tool on. The tool collects additional information when it is run on the server hosting the FEP2010 server roles.

The Support files contain FEP2010-specific information. You can gather this information by running the following command (located in C:\Program Files\Microsoft Security Client\Antimalware) in a Command Prompt:

Mpcmdrun -GetFiles

The following data is collected:

  • Any trace files from Microsoft Antimalware Service
  • The Windows Update history log
  • All Microsoft Antimalware Service events from the System event log
  • All relevant Microsoft Antimalware Service registry locations
  • The log file of this tool
  • The log file of the signature update helper tool

Microsoft is committed to protecting your privacy. Please read the Microsoft Privacy Statement for more information.

How to run the MscSupport tool

The tool must be executed with Administrator privileges on the system you want to collect the data from. Otherwise, the data collected by the tool may not be complete.

The tool places the collected data in a cabinet (CAB) file located in %SystemDrive%\MscSupportData.

  1. Open Windows Explorer and navigate to the location where you stored the tool
  2. Right-click MscSupportTool.exe and click Run as administrator
  3. The tool will start to collect the support data
  4. When data gathering is complete, you can close the tool or open the folder that contains the CAB file
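
The checks around these steps can be scripted. The following PowerShell is an added example, not part of the original post or of the tool: it refuses to run without elevation, runs the Mpcmdrun -GetFiles command from the folder named above, and then reports the newest CAB file in %SystemDrive%\MscSupportData. The function and variable names are hypothetical, treating a non-zero exit code as failure is an assumption, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example: pre-flight checks around the collection steps described above.
# Paths come from the article; function and variable names are hypothetical.
$ErrorActionPreference = 'Stop'

function Test-IsElevated {
    # True only when the current token is in the local Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    # The article warns that a non-elevated run may produce incomplete data.
    throw 'Not elevated: start PowerShell with "Run as administrator" and retry.'
}

# Folder and command as given in the article.
$mpCmdRun = 'C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun (is the FEP client installed?)"
}

& $mpCmdRun -GetFiles
if ($LASTEXITCODE -ne 0) {
    # Assumption: a non-zero exit code means the collection failed.
    throw "MpCmdRun -GetFiles exited with code $LASTEXITCODE"
}

# After MscSupportTool.exe has been run, confirm that a CAB was actually written.
$outDir = Join-Path $env:SystemDrive 'MscSupportData'
$cab = Get-ChildItem -Path $outDir -Filter '*.cab' -ErrorAction SilentlyContinue |
       Sort-Object LastWriteTime -Descending |
       Select-Object -First 1

if (-not $cab) {
    Write-Warning "No CAB file in $outDir yet; run MscSupportTool.exe as administrator first."
} else {
    # Record size and hash so the copy sent to support can be matched to this file.
    $hash = Get-FileHash -LiteralPath $cab.FullName -Algorithm SHA256
    '{0}  {1:N0} bytes  SHA256={2}' -f $cab.FullName, $cab.Length, $hash.Hash
}
```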


Kurt Sarens, Senior Support Engineer
