Using the MscSupport tool to collect data for troubleshooting
The MscSupport tool is a tool designed to collect support data to troubleshoot Forefront Endpoint Protection. You can download the tool from the Forefront Endpoint Protection 2010 Tools download page (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=04f7d456-24a2-4061-a2ed-82fe93a03fd5).
When to use the MscSupport tool
It is a troubleshooting tool, so you only need to run the tool when you have a problem with Forefront Endpoint Protection.
On the other hand, you don’t need to run the tool with every occasion. Typically you need to collect the MscSupport data in the following scenarios:
- Remote online troubleshooting is difficult
- The cause of the problem is not clear
- You have a Support case with Microsoft
What data does the tool collect
The data collected depends on the system you run the tool on. The tool collects additional information when it is run on the server hosting the FEP2010 server roles.
- Support files (see below), like the FEP log files. For more information about the FEP log files, see http://technet.microsoft.com/en-us/library/gg477022.aspx
- Complete event logs
- Configuration Manager log files (server and/or client) . For more information about Configuration Manager log files, see http://technet.microsoft.com/en-us/library/bb892800.aspx
- Services information
- Running processes
- System info
- Firewall policy
The Support files are files that contain FEP2010 specific information. This information can be gathered when you run the below command (located in C:\Program Files\Microsoft Security Client\Antimalware) in a Command Prompt:
The following data is collected:
- Any trace files from Microsoft Antimalware Service
- The Windows Update history log
- All Microsoft Antimalware Service events from the System event log
- All relevant Microsoft Antimalware Service registry locations
- The log file of this tool
- The log file of the signature update helper tool
Microsoft is committed to protecting your privacy. Please read the Microsoft Privacy Statement<http://go.microsoft.com/fwlink/?LinkId=81184> for more information.
How to run the MscSupport tool
The tool must be executed with Administrator privileges on the system you want to collect the data from, otherwise the data collected by the tool may not be complete.
The data the tool collects will be placed in a cabinet file and is located in %SystemDrive%\MscSupportData
Open Windows Explorer and navigate to the location where you stored the tool
Right-click MscSupportTool.exe and click Run as administrator
The tool will start to collect the support data
When data gathering is complete, you can close or open the folder that contains the CAB file
Kurt Sarens, Senior Support Engineer