Edit

Share via

Understand the client analyzer HTML report

  • Article

Applies to:

The client analyzer produces a report in HTML format. Learn how to review the report to identify potential sensor issues so that you can troubleshoot them.

Use the following example to understand the report.

Example output

In this example, the Defender for Endpoint Client Analyzer produced information about a device that was onboarded to an expired Org ID and failed to reach a required Defender for Endpoint URL:

The MDE Client Analyzer Results page

  • On top, the script version and script runtime are listed for reference

  • The Device Information section provides basic OS and device identifiers to uniquely identify the device on which the analyzer has run.

  • The Endpoint Security Details provides general information about Microsoft Defender for Endpoint-related processes including Microsoft Defender Antivirus and the sensor process. If important processes aren't online as expected, the color changes to red.

    The Check Results Summary page

  • On Check Results Summary, you'll have an aggregated count for error, warning, or informational events detected by the analyzer.

  • On Detailed Results, you'll see a list (sorted by severity) with the results and the guidance based on the observations made by the analyzer.

Open a support ticket to Microsoft and include the Analyzer results

To include analyzer result files when opening a support ticket, make sure you use the Attachments section and include the MDEClientAnalyzerResult.zip file:

An attachment prompt

Note

If the file size is larger than 25 MB, the support engineer assigned to your case will provide a dedicated secure workspace to upload large files for analysis.

See also

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.