Collect Microsoft Defender AV diagnostic data

Applies to:

This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you might encounter when using Microsoft Defender AV.

Note

As part of the investigation or response process, you can collect an investigation package from a device. Here's how: Collect investigation package from devices.

On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps:

  1. Open an administrator-level version of the command prompt as follows:

    a. Open the Start menu.

    b. Type cmd. Right-click on Command Prompt and then select Run as administrator.

    c. Specify administrator credentials or approve the prompt.

  2. Navigate to the Microsoft Defender directory. By default, this is C:\Program Files\Windows Defender.

Note

If you're running an updated Microsoft Defender Platform version, run MpCmdRun from the following location instead: C:\ProgramData\Microsoft\Windows Defender\Platform\<version>.

  3. Type the following command, and then press Enter:

    mpcmdrun.exe -GetFiles

  4. A .cab file is generated that contains various diagnostic logs. The location of the file is specified in the output in the command prompt. By default, the location is C:\ProgramData\Microsoft\Microsoft Defender\Support\MpSupportFiles.cab.

Note

To redirect the cab file to a different path or UNC share, use the following command: mpcmdrun.exe -GetFiles -SupportLogLocation <path>
For more information, see Redirect diagnostic data to a UNC share.

  5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
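The following PowerShell script is an added example, not part of the Microsoft article, that automates steps 1 through 5 on a single device: it locates MpCmdRun.exe (preferring the newest Platform\<version> folder, falling back to the default install directory), runs -GetFiles, and records the size and SHA-256 hash of the resulting .cab so the file handed to support can be checked for integrity after transfer. The function names are the example's own; the paths are the ones the article states.

```powershell
# Added example (not from the Microsoft page): collect the Defender AV diagnostic
# .cab locally. Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

function Get-MpCmdRunPath {
    # Updated platform versions live under ProgramData\...\Platform\<version>.
    # Pick the highest version folder that actually contains MpCmdRun.exe,
    # otherwise fall back to the default install directory from step 2.
    $platformRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
    if (Test-Path $platformRoot) {
        $candidate = Get-ChildItem -Path $platformRoot -Directory |
            Where-Object { $_.Name -as [version] } |
            Sort-Object { [version]$_.Name } -Descending |
            ForEach-Object { Join-Path $_.FullName 'MpCmdRun.exe' } |
            Where-Object { Test-Path $_ } |
            Select-Object -First 1
        if ($candidate) { return $candidate }
    }
    $default = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    if (Test-Path $default) { return $default }
    throw 'MpCmdRun.exe was not found in the Platform or default directories.'
}

function Invoke-MpSupportCollection {
    $mpCmdRun = Get-MpCmdRunPath
    Write-Host "Using $mpCmdRun"

    # -GetFiles prints the path it wrote to; keep that output for the case record.
    $output = & $mpCmdRun -GetFiles 2>&1
    $output | ForEach-Object { Write-Host $_ }
    if ($LASTEXITCODE -ne 0) { throw "MpCmdRun -GetFiles exited with code $LASTEXITCODE" }

    # Default output location named in step 4.
    $defaultCab = Join-Path $env:ProgramData 'Microsoft\Microsoft Defender\Support\MpSupportFiles.cab'
    if (-not (Test-Path $defaultCab)) {
        Write-Warning 'Cab not found at the default location; use the path printed by MpCmdRun above.'
        return
    }

    $cab = Get-Item $defaultCab
    # Size and hash let the receiving side confirm the cab arrived unmodified.
    [pscustomobject]@{
        Path      = $cab.FullName
        SizeKB    = [math]::Round($cab.Length / 1KB)
        SHA256    = (Get-FileHash -Path $cab.FullName -Algorithm SHA256).Hash
        Collected = $cab.LastWriteTime
    }
}

Invoke-MpSupportCollection
```

Run the script on each affected device and keep the printed hash alongside the .cab when you upload it to the shared location in step 5.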

Note

If you have a problem with Update Compliance, send an email using the Update Compliance support email template, and fill out the template with the following information:

I am encountering the following issue when using Microsoft Defender Antivirus in Update Compliance:
I have provided at least 2 support .cab files at the following location:
<accessible share, including access details such as password>

My OMS workspace ID is:

Please contact me at:

Redirect diagnostic data to a UNC share

To collect diagnostic data on a central repository, you can specify the SupportLogLocation parameter.

mpcmdrun.exe -GetFiles -SupportLogLocation <path>

Copies the diagnostic data to the specified path. If the path is not specified, the diagnostic data is copied to the location specified in the Support Log Location configuration.

When the SupportLogLocation parameter is used, a folder structure like the following is created in the destination path:

<path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab

Field      Description
path       The path as specified on the command line or retrieved from configuration
MMDD       Month and day when the diagnostic data was collected (for example, 0530)
hostname   The hostname of the device on which the diagnostic data was collected
HHMM       Hours and minutes when the diagnostic data was collected (for example, 1422)

Note

When using a file share, make sure that the account used to collect the diagnostic package has write access to the share.
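The following PowerShell script is an added example, not part of the Microsoft article, covering the central-collection workflow above: it first proves that the collecting account can write to the share (the point of the note), then runs MpCmdRun with -SupportLogLocation, and finally parses the <path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab layout into an inventory so you can see at a glance which devices have contributed a cab. The share name \\logserver\DefenderSupport and the default MpCmdRun path are assumptions; the folder and file naming is taken from the table above.

```powershell
# Added example (not from the Microsoft page): collect the diagnostic .cab to a
# central UNC share and inventory what has been collected there.
#Requires -RunAsAdministrator
param(
    [string]$Share    = '\\logserver\DefenderSupport',                      # assumed share name
    [string]$MpCmdRun = "$env:ProgramFiles\Windows Defender\MpCmdRun.exe"  # or ...\Platform\<version>\MpCmdRun.exe
)

function Test-ShareWriteAccess {
    param([string]$Path)
    # MpCmdRun writes the cab as the account running it, so prove write access
    # up front instead of discovering a failed copy afterwards.
    if (-not (Test-Path $Path)) { return $false }
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item $probe -Force
        return $true
    } catch {
        return $false
    }
}

function Get-MpSupportCabInventory {
    param([string]$Path)
    # Walk <path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab and turn each cab into a record.
    Get-ChildItem -Path $Path -Directory |
        Where-Object { $_.Name -match '^\d{4}$' } |
        ForEach-Object {
            $mmdd = $_.Name
            Get-ChildItem -Path $_.FullName -Filter 'MpSupport-*.cab' -File | ForEach-Object {
                if ($_.Name -match '^MpSupport-(?<host>.+)-(?<hhmm>\d{4})\.cab$') {
                    [pscustomobject]@{
                        Host     = $Matches.host
                        MonthDay = $mmdd
                        Time     = $Matches.hhmm
                        SizeKB   = [math]::Round($_.Length / 1KB)
                        Path     = $_.FullName
                    }
                }
            }
        }
}

if (-not (Test-ShareWriteAccess -Path $Share)) {
    throw "Account $env:USERDOMAIN\$env:USERNAME cannot write to $Share; fix the share and NTFS permissions first."
}

& $MpCmdRun -GetFiles -SupportLogLocation $Share
if ($LASTEXITCODE -ne 0) { throw "MpCmdRun exited with code $LASTEXITCODE" }

# Newest collections first, so a missing device stands out.
Get-MpSupportCabInventory -Path $Share |
    Sort-Object MonthDay, Time -Descending |
    Format-Table -AutoSize
```

Because the MMDD folder carries no year, inventories that span a year boundary should be read with the cab's file timestamp rather than the folder name alone.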

Specify location where diagnostic data is created

You can also specify where the diagnostic .cab file will be created using a Group Policy Object (GPO).

  1. Open the Local Group Policy Editor and find the SupportLogLocation GPO at: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SupportLogLocation

  2. Select Define the directory path to copy support log files.

    Screenshot of the Local Group Policy Editor

    Screenshot of the Define path for log files setting

  3. Inside the policy editor, select Enabled.

  4. Specify the directory path where you want to copy the support log files in the Options field.

    Screenshot of the Enabled directory path custom setting

  5. Select OK or Apply.
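The following PowerShell script is an added example, not part of the Microsoft article, for checking that the policy above has actually reached a device. It reads the location the article names, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SupportLogLocation, on the assumption that the setting is stored as a string value named SupportLogLocation under the Windows Defender policies key, and then verifies that the configured path is reachable, since a policy that points at an unreachable share means a plain mpcmdrun.exe -GetFiles will not land where the central collection expects.

```powershell
# Added example (not from the Microsoft page): audit the SupportLogLocation policy.
# Assumption: the GPO is stored as a REG_SZ value named SupportLogLocation under
# HKLM\SOFTWARE\Policies\Microsoft\Windows Defender.

function Get-MpSupportLogLocationPolicy {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $item = Get-ItemProperty -Path $key -Name 'SupportLogLocation' -ErrorAction SilentlyContinue
    if (-not $item) {
        # No value means the policy is Not Configured or Disabled on this device.
        return [pscustomobject]@{ Configured = $false; Path = $null; Reachable = $false }
    }
    $path = $item.SupportLogLocation
    [pscustomobject]@{
        Configured = $true
        Path       = $path
        # Test-Path on a UNC path exercises the same access the cab copy will need.
        Reachable  = (Test-Path -Path $path)
    }
}

$policy = Get-MpSupportLogLocationPolicy
$policy | Format-List
if (-not $policy.Configured) {
    Write-Warning 'SupportLogLocation policy is not applied; -GetFiles will use the default Support folder.'
} elseif (-not $policy.Reachable) {
    Write-Warning "Policy path '$($policy.Path)' is not reachable from this device."
}
```

Run it after a gpupdate on a test device to confirm the path before rolling the policy out more widely.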
