Collect update compliance diagnostic data for Microsoft Defender Antivirus assessment

Applies to:

This article describes how to collect diagnostic data that's used by Microsoft support and engineering teams when they help with troubleshooting issues with Microsoft Defender Antivirus.


For performance-specific issues related to Microsoft Defender Antivirus, see: Performance analyzer for Microsoft Defender Antivirus.

Before attempting this process, ensure you have read Troubleshoot Microsoft Defender Antivirus reporting, met all require prerequisites, and taken any other suggested troubleshooting steps.

Obtain the diagnostic file

On at least two devices that aren't reporting or showing up in Update Compliance, obtain the .cab diagnostic file by taking the following steps:

  1. Open Command Prompt as an administrator by following these steps:

    a. Open the Start menu.

    b. Type cmd. Right-click on Command Prompt and then select Run as administrator.

    c. Specify administrator credentials or approve the prompt.

  2. Navigate to the Windows Defender directory. By default, it's C:\Program Files\Windows Defender.

  3. Type the following command, and then press Enter

    mpcmdrun -getfiles
  4. A .cab file is generated that contains various diagnostic logs. The location of the file is specified in the output in the command prompt. By default, the location is C:\ProgramData\Microsoft\Windows Defender\Support\

  5. Copy the .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share.

  6. Send an email using the update compliance support email template, and fill out the template with the following information:

    I am encountering the following issue when using Microsoft Defender Antivirus in Update Compliance:
    I have provided at least 2 support .cab files at the following location: <accessible share, including access details such as password>
    My OMS workspace ID is:
    Please contact me at:

See also


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.