SCCM Endpoint Protection Log Files and Locations

Endpoint Protection in SCCM allows you to manage anti-malware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy. SCCM Endpoint Protection also helps protect your PC from malware, viruses, spyware, and other potentially harmful software. In this post I will cover the SCCM Endpoint Protection log files and their locations.

In one of my posts, I covered the steps to install the Endpoint Protection role along with its prerequisites. In another blog post I covered the Configuration Manager 1602 Endpoint Protection improvements. SCCM 1602 adds some new settings to the Endpoint Protection anti-malware policy for Windows Defender.

When you enable the Endpoint Protection role, you might want to find out what the Endpoint Protection log files are. Above all, knowing the location of the SCCM EPP log files is crucial and will help you a lot in troubleshooting Endpoint Protection related issues.

SCCM Endpoint Protection Log Files and Locations

Here is a table that lists the SCCM Endpoint Protection log files and the location of each log file. Compared to SCCM 2012 R2, some log files have a new location.

| Endpoint Protection Log File | Description | Log File Location |
|---|---|---|
| EPCtrlMgr.log | Records details about the synchronization of malware threat information from the Endpoint Protection role server into the Configuration Manager database. | Site system server hosting the role. C:\Program Files\Microsoft Configuration Manager\Logs |
| EPMgr.log | Records the status of Endpoint Protection site | Site system server hosting the role. C:\Program Files\Microsoft Configuration Manager\Logs |
| EPSetup.log | Provides information about the installation of the Endpoint Protection site system role. | Site system server hosting the role. C:\Program Files\Microsoft Configuration Manager\Logs |
| EndpointProtectionAgent.log | Records details about the installation of the Endpoint Protection client and the application of anti-malware policy to that client. | Located on client machine. C:\Windows\CCM\Logs |
| MPLog-XX.log | Records Endpoint Protection activity on the client side. | Located on client machine. C:\ProgramData\Microsoft\Windows Defender\Support |
| MPDetection-XX.log | Records details about each case of malware detected on the system. | Located on client machine. C:\ProgramData\Microsoft\Windows Defender\Support |
| NisLog.txt | Records details about the Network Inspection System. | Located on client machine. C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support |
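
When troubleshooting, a quick first step is to confirm which of these logs actually exist on a machine and when each was last written. The PowerShell below is an added example, not part of the original post or of Configuration Manager: the function name `Get-EpLogStatus` and its parameters are illustrative, the folders are the ones from the table, and it assumes the `XX` in `MPLog-XX.log` and `MPDetection-XX.log` stands for a variable suffix that a wildcard can match.

```powershell
# Added example. Log names and folders come from the table above; the function and
# parameter names are illustrative. "XX" is assumed to be a variable suffix.
$SiteLogs     = 'C:\Program Files\Microsoft Configuration Manager\Logs'
$DefenderLogs = 'C:\ProgramData\Microsoft\Windows Defender\Support'
$EpLogs = @(
    [pscustomobject]@{ Scope = 'Server'; Name = 'EPCtrlMgr.log';               Folder = $SiteLogs }
    [pscustomobject]@{ Scope = 'Server'; Name = 'EPMgr.log';                   Folder = $SiteLogs }
    [pscustomobject]@{ Scope = 'Server'; Name = 'EPSetup.log';                 Folder = $SiteLogs }
    [pscustomobject]@{ Scope = 'Client'; Name = 'EndpointProtectionAgent.log'; Folder = 'C:\Windows\CCM\Logs' }
    [pscustomobject]@{ Scope = 'Client'; Name = 'MPLog-*.log';                 Folder = $DefenderLogs }
    [pscustomobject]@{ Scope = 'Client'; Name = 'MPDetection-*.log';           Folder = $DefenderLogs }
    [pscustomobject]@{ Scope = 'Client'; Name = 'NisLog.txt';                  Folder = 'C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support' }
)

function Get-EpLogStatus {
    param(
        [ValidateSet('Server', 'Client')][string]$Scope = 'Client',
        [int]$Tail = 0   # number of trailing lines to return from the newest matching file
    )
    foreach ($entry in ($EpLogs | Where-Object Scope -eq $Scope)) {
        $newest = $null
        $status = 'FolderMissing'   # role or client not installed, or non-default path
        if (Test-Path -LiteralPath $entry.Folder -PathType Container) {
            # A wildcard name can match several files; keep the most recently written one.
            $newest = Get-ChildItem -LiteralPath $entry.Folder -Filter $entry.Name -File -ErrorAction SilentlyContinue |
                Sort-Object LastWriteTime -Descending | Select-Object -First 1
            $status = if ($newest) { 'Found' } else { 'NotFound' }
        }
        $lines = if ($newest -and $Tail -gt 0) {
            Get-Content -LiteralPath $newest.FullName -Tail $Tail -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Log       = $entry.Name
            Status    = $status
            Path      = if ($newest) { $newest.FullName } else { $entry.Folder }
            LastWrite = if ($newest) { $newest.LastWriteTime }
            SizeKB    = if ($newest) { [math]::Round($newest.Length / 1KB, 1) }
            LastLines = $lines
        }
    }
}

# Run from an elevated prompt: the Windows Defender support folders are not
# readable by standard users, and would otherwise be reported as NotFound.
Get-EpLogStatus -Scope Client -Tail 5 | Format-List
```

A `FolderMissing` or `NotFound` status on a machine that should have the role or client installed, or a `LastWrite` that is days old, tells you where to start looking before opening the logs themselves.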
