SupportLogLocation parameter

Adding new parameter SupportLogLocation and usage explanation
Kurt Sarens
2020-05-30 18:23:24 -07:00
parent c77d424231
commit bd4fcff397
2 changed files with 33 additions and 5 deletions

@ -38,14 +38,19 @@ On at least two devices that are not reporting or showing up in Update Complianc
c. Enter administrator credentials or approve the prompt. c. Enter administrator credentials or approve the prompt.
2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`. 2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
> [!NOTE]
> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
3. Type the following command, and then press **Enter** 3. Type the following command, and then press **Enter**
```Dos ```Dos
mpcmdrun -getfiles mpcmdrun.exe -GetFiles
``` ```
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`. 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
> [!NOTE]
> To redirect the cab file to a a different path or UNC share, use the below command:
> `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`
> for more information see '[Redirect diagnostic data to a UNC share](#Redirect-diagnostic-data-to-a-UNC-share)'
5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. 5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
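Review bot: The link target in the new note under step 4, `#Redirect-diagnostic-data-to-a-UNC-share`, is written in mixed case, while heading anchors are normally generated in lowercase, so the link may not resolve; use `#redirect-diagnostic-data-to-a-unc-share`. The same note has a doubled word ("to a a different path") and a sentence that starts in lowercase ("for more information see"). The two new notes are also not indented under their list items, which can restart the step numbering when rendered.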
@ -60,6 +65,29 @@ On at least two devices that are not reporting or showing up in Update Complianc
Please contact me at: Please contact me at:
``` ```
## Redirect diagnostic data to a UNC share
To collect diagnostic data on a central repository, you can specify the SupportLogLocation parameter.
```Dos
mpcmdrun.exe -GetFiles -SupportLogLocation <path>
```
Copies the diagnostic data to the specified path. If the path is not specified, the diagnostic data will be copied to the location specified in the Support Log Location Configuration.
When the SupportLogLocation parameter is used, a folder structure as below will be created in the destination path:
```Dos
<path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab
```
| field | Description |
|:----|:----|
| path | The path as specified on the commandline or retrieved from configuration
| MMDD | Month Day when the diagnostic data was collected (eg 0530)
| hostname | the hostname of the device on which the diagnostic data was collected.
| HHMM | Hours Minutes when the diagnostic data was collected (eg 1422)
> [!NOTE]
> When using a File share please make sure that domain accounts used to collect the diagnostic package has write access to the share.
> To prevent data loss, you can deny these accounts from deleting data.
## See also ## See also
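Review bot: The closing note on file-share permissions does not say which account needs write access (the signed-in administrator who runs `mpcmdrun.exe` or the device's computer account), and it covers only write and delete. Since the share collects diagnostic cabs from many devices, the note should name the account and also recommend limiting read access to the people who analyse the packages; "accounts ... has" should be "have". Earlier in the section, "Copies the diagnostic data to the specified path." has no subject and reads like a parameter-table cell pasted into prose, and "Support Log Location Configuration" is mentioned without saying where that setting is configured. The four table rows lack the closing `|`, and "eg" should be "for example".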

@ -36,7 +36,7 @@ MpCmdRun.exe [command] [-options]
``` ```
Here's an example: Here's an example:
``` ```
MpCmdRun.exe -scan -2 MpCmdRun.exe -Scan -ScanType 2
``` ```
| Command | Description | | Command | Description |
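Review bot: The updated example `MpCmdRun.exe -Scan -ScanType 2` is still shown without a sentence saying which scan it starts. Add a short line after "Here's an example:" stating the scan type, so readers do not have to map the value through the table below.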
@ -44,7 +44,7 @@ MpCmdRun.exe -scan -2
| `-?` **or** `-h` | Displays all available options for this tool | | `-?` **or** `-h` | Displays all available options for this tool |
| `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. | | `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
| `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
| `-GetFiles` | Collects support information | | `-GetFiles [-SupportLogLocation <path>]` | Collects support information. |
| `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set | | `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
| `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence | | `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |
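Review bot: The `-GetFiles` row now documents `[-SupportLogLocation <path>]` but its description is still only "Collects support information."; say that the option copies the collected data to the given path, and drop the trailing period, which the neighbouring rows do not use. The unchanged `-Scan` row directly above also lists the ScanType values as **-1**, **-2**, **-3** while its own syntax and the corrected example use `1`, `2`, `3`; that row should be fixed in the same commit so the table agrees with the example.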