SCCM Endpoint Protection Log Files and Locations
In this article, I will list all the SCCM Endpoint Protection log files and their locations. SCCM allows you to manage anti-malware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.
SCCM Endpoint Protection also helps protect your PC from malware, viruses, spyware, and other potentially harmful software.
I covered the procedures for installing the Endpoint Protection role and the necessary prerequisites in one of my posts. In another blog post, I covered Configuration Manager 1602 Endpoint Protection Improvements. SCCM 1602 adds some new settings in the Endpoint Protection anti-malware policy for Windows Defender.
It is a good idea to learn what the Endpoint Protection log files are before enabling the Endpoint Protection role. Most importantly, knowing where the SCCM EPP log files are located is essential and will be very helpful when troubleshooting Endpoint Protection-related problems.
SCCM Endpoint Protection Log Files and Locations
The table below lists all the SCCM Endpoint Protection log files and the location of each log file. For a list of all other log files, refer to SCCM log files.
SCCM Endpoint Protection Log File | Description | Endpoint Protection Log File Location |
EPCtrlMgr.log | Records details about the synchronization of malware threat information from the Endpoint Protection role server into the Configuration Manager database. | Site system server hosting the role. C:\Program Files\Microsoft Configuration Manager\Logs |
EPMgr.log | Records the status of Endpoint Protection site | Site system server hosting the role. C:\Program Files\Microsoft Configuration Manager\Logs |
EPSetup.log | Provides information about the installation of the Endpoint Protection site system role. | Site system server hosting the role. C:\Program Files\Microsoft Configuration Manager\Logs |
EndpointProtectionAgent.log | Records details about the installation of the Endpoint Protection client and the application of anti-malware policy to that client. | Located on client machine. C:\Windows\CCM\Logs |
MPLog-XX.log | Records Endpoint Protection activity on the client side. | Located on client machine. C:\ProgramData\Microsoft\Windows Defender\Support |
MPDetection-XX.log | Records details about each case of malware detected on the system. | Located on client machine. C:\ProgramData\Microsoft\Windows Defender\Support |
NisLog.txt | Records details about the Network Inspection System. | Located on client machine. C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support |