Run the client analyzer on macOS and Linux
Running the analyzer using a terminal or SSH scenario
Open a terminal or SSH into the relevant machine and run the following commands:
Download
wget --quiet -O XMDEClientAnalyzer.zip https://aka.ms/XMDEClientAnalyzer
Verify
echo '815F3E83EB1E6C33D712F101618018E1E38211D4E2807C3A9EF3CC0B0F95225C XMDEClientAnalyzer.zip' | sha256sum -c
Extract
unzip -q XMDEClientAnalyzer.zip -d XMDEClientAnalyzer
Change to the tool's directory
cd XMDEClientAnalyzer
Install the components
Run as a non-root user to install required pip and lxml components.
./mde_support_tool.sh
Collect the diagnostics
To collect the actual diagnostic package and generate the result archive file, run again as root.
sudo ./mde_support_tool.sh -d
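The download, verify and extract steps above combined into one script, as an added example that is not part of the Microsoft page: it refuses to extract an archive whose SHA-256 does not match the value listed above, so a truncated or tampered download is never unpacked or run. The shasum fallback for macOS (which ships without sha256sum) and the function names are assumptions of this example, not part of the tool; an https_proxy variable set in the environment is picked up by wget as it is by the script.

```shell
#!/usr/bin/env bash
# Added example, not the analyzer's own code: download, verify, extract.
set -eu

ANALYZER_URL="https://aka.ms/XMDEClientAnalyzer"
ARCHIVE="XMDEClientAnalyzer.zip"
# SHA-256 of the archive as published on the page.
EXPECTED_SHA256="815F3E83EB1E6C33D712F101618018E1E38211D4E2807C3A9EF3CC0B0F95225C"

# verify_sha256 FILE EXPECTED_HEX: returns 0 on match, 1 on mismatch or
# missing file. Uses sha256sum where available (Linux) and falls back to
# shasum (macOS); this fallback is an assumption of the example.
verify_sha256() {
    file="$1"; expected="$2"
    [ -f "$file" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    fi
    # Compare case-insensitively: the page lists the digest in upper case,
    # while sha256sum/shasum print lower case.
    [ "$(printf '%s' "$actual" | tr 'A-Z' 'a-z')" = \
      "$(printf '%s' "$expected" | tr 'A-Z' 'a-z')" ]
}

# fetch_and_verify: download only if no verified copy is already present,
# re-check the digest, and extract only on a match. Returns 1 and removes
# the archive on a checksum mismatch.
fetch_and_verify() {
    if ! verify_sha256 "$ARCHIVE" "$EXPECTED_SHA256"; then
        wget --quiet -O "$ARCHIVE" "$ANALYZER_URL"
        if ! verify_sha256 "$ARCHIVE" "$EXPECTED_SHA256"; then
            echo "checksum mismatch for $ARCHIVE; refusing to extract" >&2
            rm -f "$ARCHIVE"
            return 1
        fi
    fi
    unzip -q -o "$ARCHIVE" -d XMDEClientAnalyzer
}
```

Call `fetch_and_verify` after sourcing the file, then continue with `cd XMDEClientAnalyzer` and the install and collection steps as shown above.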
Note
For Linux, the analyzer requires 'lxml' to produce the result output. If it is not installed, the analyzer tries to fetch it from the official Python package repository: https://pypi.org/search/?q=lxml
In addition, the tool currently requires Python version 3 or later to be installed.
If you are running on a machine that cannot use Python 3 or fetch the lxml component, you can download a binary-based version of the analyzer that has none of these requirements: XMDE Client Analyzer Binary.
Note that the binary is currently unsigned. To allow the package to run on macOS, use the syntax: "spctl --add /Path/To/Application.app".
If your device is behind a proxy, you can pass the proxy server as an environment variable to the mde_support_tool.sh script. For example:
https_proxy=https://myproxy.contoso.com:8080 ./mde_support_tool.sh
Additional syntax help:
-h           # Help: Show help message
performance  # Performance: Collects extensive tracing for analysis of a performance issue that can be reproduced on demand. Use --length=<seconds> to specify the duration of the benchmark.
-o           # Output: Specify the destination path for the result file
-nz          # No-Zip: If set, a directory will be created instead of a resulting archive file
-f           # Force: Overwrite if output already exists in destination path
Result package contents on macOS and Linux
report.html
Description: The main HTML output file that will contain the findings and guidance that the analyzer script run on the machine can produce.
mde_diagnostic.zip
Description: Same diagnostic output that gets generated when running mdatp diagnostic create on either macOS or Linux.
mde.xml
Description: XML output that is generated while running and is used to build the html report file.
Processes_information.txt
Description: Contains the details of the running Microsoft Defender for Endpoint related processes on the system.
Log.txt
Description: Contains the same log messages written on screen during the data collection.
Health.txt
Description: The same basic health output that is shown when running mdatp health command.
Events.xml
Description: Additional XML file used by the analyzer when building the HTML report.
Audited_info.txt
Description: Details on the audited service and related components for Linux OS.
perf_benchmark.tar.gz
Description: The performance test reports. You will see this only if you are using the performance parameter.