Andrea Bichsel (Aquent LLC) 64e05bcc73 Added Windows Server support
2018-05-30 09:37:04 -07:00


title: Submit cab files related to Windows Defender EG problems
description: Use the command-line tool to obtain .cab file that can be used to investigate ASR rule issues.
keywords: troubleshoot, error, fix, asr, windows defender eg, exploit guard, attack surface reduction
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 05/30/2018

Collect diagnostic data for Windows Defender Exploit Guard file submissions

Applies to:

  • Windows 10, version 1709 and later
  • Windows Server 2016

Audience

  • IT administrators

This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using Windows Defender Exploit Guard.

In particular, you will be asked to collect and attach this data when using the Windows Defender Security Intelligence web-based submission form if you indicate that you have encountered a problem with Attack surface reduction rules or Network protection.

Before attempting this process, ensure you have met all required prerequisites and taken any other suggested troubleshooting steps as described in these topics:

  1. On the endpoint with the issue, obtain the Windows Defender .cab diagnostic file by following this process:

    1. Open an administrator-level version of the command prompt:

      1. Open the Start menu.

      2. Type cmd. Right-click on Command Prompt and click Run as administrator.

      3. Enter administrator credentials or approve the prompt.

    2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:

      cd c:\program files\windows defender
      
    3. Enter the following command and press Enter:

      mpcmdrun -getfiles
      
    4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.

  2. Attach this .cab file to the submission form where indicated.
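
The collection in step 1, as an added PowerShell example (not part of the original topic or Microsoft's own script). It assumes the default paths given above and adds two checks the manual steps leave to the reader: that the session is elevated, and that the .cab at the default location was actually written by this run. The SHA-256 output is an addition for your own records.

```powershell
# Added example: run on the affected endpoint from PowerShell started as administrator.
$ErrorActionPreference = 'Stop'

# Default locations stated in the steps above; adjust if your installation differs.
$defenderDir = Join-Path $env:ProgramFiles 'Windows Defender'
$cabPath     = Join-Path $env:ProgramData  'Microsoft\Windows Defender\Support\MpSupportFiles.cab'

# The steps call for an administrator-level prompt, so fail early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: start PowerShell with "Run as administrator".'
}

$mpCmdRun = Join-Path $defenderDir 'MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found in $defenderDir"
}

# Record the start time so a stale .cab from an earlier run is not mistaken for this one.
$started = Get-Date

& $mpCmdRun -GetFiles
if ($LASTEXITCODE -ne 0) {
    # Do not rely on the exit code alone; the freshness check below is the real test.
    Write-Warning "MpCmdRun -GetFiles exited with code $LASTEXITCODE"
}

if (-not (Test-Path -LiteralPath $cabPath)) {
    throw "No .cab at $cabPath; check the tool output above for the actual location."
}
$cab = Get-Item -LiteralPath $cabPath
if ($cab.LastWriteTime -lt $started) {
    throw "$cabPath was last written $($cab.LastWriteTime) and was not regenerated by this run."
}

# Size and SHA-256 let you match the attached file to this collection later.
$hash = Get-FileHash -LiteralPath $cabPath -Algorithm SHA256
[pscustomobject]@{
    Path      = $cab.FullName
    SizeBytes = $cab.Length
    Written   = $cab.LastWriteTime
    SHA256    = $hash.Hash
}
```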