Looking for client log files I had to do a bunch of digging. This is what I’ve concluded (for now).
C:\Windows\Temp\ (technically the System Temp folder)
- MpCmdRun.log
- MpSigStub.log
C:\ProgramData\Microsoft\Microsoft Security Client\Support (technically the %ProgramData%\Microsoft\Microsoft Security Client\Support folder)
- EppSetup.log
- EppSetup_#.log
- MSSecurityClient_Setup_<version>_epp_install.log
- MSSecurityClient_Setup_<version>_epp_uninstall.log
- MSSecurityClient_Setup_<version>_eppManagement_install.log
- MSSecurityClient_Setup_<version>_eppManagement_uninstall.log
- MSSecurityClient_Setup_<version>_FEP_install.log
C:\Windows\CCM\logs (technically the <SCCM Client location>\logs folder, which can be discovered at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Configuration\Client Properties\Local SMS Path)
- EndpointProtectionAgent.log
- UpdatesDeployment.log (for definition updates)
- UpdatesHandler.log (for definition updates)
- UpdatesStore.log (for definition updates)
- UpdateStore.log (for definition updates)
- WUAHandler.log (for definition updates)
C:\Windows (technically the %windir% folder)
- WindowsUpdate.log (for definition updates)
The Technical Reference for Log Files in Configuration Manager lists these server-side files:
- EPCtrlMgr.log
- EPMgr.log
- EPSetup.log
- NotiCtrl.log
This product has a few different names depending on the version and where you look in the application and logs. Here are a few alternative names:
- Microsoft System Center Endpoint Protection (the product GUI)
- SCEP (just the acronym)
- Microsoft Endpoint Protection (as seen in WSUS definitions)
- Microsoft System Center Configuration Manager Endpoint Protection
- Microsoft Configuration Manager Endpoint Protection (as seen in some product documentation)
- Microsoft Security Client (as seen in the software’s folder structure)
- Microsoft Antimalware Client (as seen in the software’s folder structure)
- Microsoft Security Essentials
- Microsoft Forefront Endpoint Protection 2010 Client (as seen in WSUS products… technically this is the old version but it is still there)
Thanks to a few other bloggers for getting me started:
- Gerry Hampson
- Safari Flow
- others whom I failed to note