Another “reminder where stuff is” post, this time for the Endpoint Protection logs. These should be the same for pretty much any version as far as I know, but I’m looking specifically at System Center Endpoint Protection (SCEP), included as part of Config Manager 2012.
- %allusersprofile%\Microsoft\Microsoft Antimalware\Support – Log files specific to the antimalware service
- %allusersprofile%\Microsoft\Microsoft Security Client\Support – Log files specific to the SCEP client software
- %windir%\WindowsUpdate.log – Windows Update log file, which includes information about definition updates
- %windir%\CCM\Logs\EndpointProtectionagent.log – Shows Endpoint version and policies applied
- %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
- %windir%\temp\MpSigStub.log – Update progress for signature and engine updates
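
When a client needs triage, it helps to pull all of these into one folder with a manifest. The script below is an added example, not part of the original post or of SCEP itself; the destination folder, the `manifest.csv` name and the subfolder naming are assumptions, and it expects PowerShell 4.0 or later (for `Get-FileHash`) in an elevated session.

```powershell
# Added example: collect the logs listed above into one folder for triage.
# $Destination and manifest.csv are assumptions, not SCEP conventions.
param(
    [string]$Destination = (Join-Path $env:TEMP ("SCEP-Logs-{0:yyyyMMdd-HHmmss}" -f (Get-Date)))
)

# Paths exactly as listed in the post; the two Support folders are collected whole.
$sources = @(
    '%allusersprofile%\Microsoft\Microsoft Antimalware\Support',
    '%allusersprofile%\Microsoft\Microsoft Security Client\Support',
    '%windir%\WindowsUpdate.log',
    '%windir%\CCM\Logs\EndpointProtectionagent.log',
    '%windir%\temp\MpCmdRun.log',
    '%windir%\temp\MpSigStub.log'
)

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

$manifest = foreach ($source in $sources) {
    $path = [Environment]::ExpandEnvironmentVariables($source)
    if (-not (Test-Path -LiteralPath $path)) {
        # Record missing locations instead of failing, so gaps are visible.
        [pscustomobject]@{ Source = $source; File = $null; LastWriteTime = $null
                           Bytes = $null; SHA256 = $null; Status = 'Missing' }
        continue
    }
    # One subfolder per source so identically named files cannot collide.
    $target = Join-Path $Destination (($source -replace '%', '') -replace '[\\ ]', '_')
    New-Item -ItemType Directory -Path $target -Force | Out-Null

    $files = if (Test-Path -LiteralPath $path -PathType Container) {
        Get-ChildItem -LiteralPath $path -File
    } else {
        Get-Item -LiteralPath $path
    }
    foreach ($file in $files) {
        $status = 'Copied'; $hash = $null
        try {
            Copy-Item -LiteralPath $file.FullName -Destination $target -Force -ErrorAction Stop
            # Hash the copy so the collected set can be verified later.
            $hash = (Get-FileHash -LiteralPath (Join-Path $target $file.Name) -Algorithm SHA256).Hash
        } catch { $status = "Failed: $($_.Exception.Message)" }
        [pscustomobject]@{ Source = $source; File = $file.FullName; LastWriteTime = $file.LastWriteTime
                           Bytes = $file.Length; SHA256 = $hash; Status = $status }
    }
}

$manifest | Export-Csv -Path (Join-Path $Destination 'manifest.csv') -NoTypeInformation
$manifest | Format-Table Source, File, Status -AutoSize
```

A `Missing` row in the manifest is worth recording in its own right, since it shows which of the listed locations did not exist on that client.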