Run the client analyzer on macOS and Linux
Running the analyzer through GUI scenario
Download the XMDE Client Analyzer tool to the macOS or Linux machine you need to investigate.
The current SHA256 hash of 'XMDEClientAnalyzer.zip' that is downloaded from the above link is: 'AD8D9D90F9C953E206E57971E9BA399471CA6E61F7034099A686E7DD6757D7C6'
Extract the contents of XMDEClientAnalyzer.zip on the machine.
Open a terminal session, change directory to the extracted location and run:
On Linux, if the script does not have permissions to execute, then you'll need to first run:
chmod a+x mde_support_tool.sh
Running the analyzer using a terminal or SSH scenario
Open a terminal or SSH into the relevant machine and run the following commands:
wget --quiet -O XMDEClientAnalyzer.zip https://aka.ms/XMDEClientAnalyzer
unzip -q XMDEClientAnalyzer.zip
chmod +x mde_support_tool.sh
Run as a non-root user to install the required pip and lxml components:
To collect the actual diagnostic package and generate the result archive file, run again as root:
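The terminal steps above, with the published SHA256 checked before anything is unzipped or executed, as an added example script that is not part of the page or of Microsoft's tool. It assumes wget, unzip and either sha256sum (Linux) or shasum (macOS) are on the PATH, and takes the expected digest of XMDEClientAnalyzer.zip from the value listed on this page.

```shell
#!/bin/sh
# Added example: download the analyzer, verify its SHA256 against the published
# value, and only then extract it. Not part of the page or of Microsoft's tool.
set -eu

# Digest of XMDEClientAnalyzer.zip as listed on the page; update it when the page changes.
EXPECTED_SHA256="AD8D9D90F9C953E206E57971E9BA399471CA6E61F7034099A686E7DD6757D7C6"
ANALYZER_URL="https://aka.ms/XMDEClientAnalyzer"

# Print the lowercase SHA256 of a file using whichever tool the platform provides
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 when the file's digest equals the expected one (compared case-insensitively,
# since the page lists the hash in uppercase), 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA256 mismatch for $1: got $actual, expected $expected" >&2
    return 1
}

# Download, verify, then extract and mark the script executable. With set -e, a
# mismatch aborts before unzip runs, so a tampered archive is never unpacked.
fetch_and_verify_analyzer() {
    wget --quiet -O XMDEClientAnalyzer.zip "$ANALYZER_URL"
    verify_sha256 XMDEClientAnalyzer.zip "$EXPECTED_SHA256"
    unzip -q XMDEClientAnalyzer.zip
    chmod +x mde_support_tool.sh
}

# Only download when invoked with --fetch, so the file can be sourced for testing.
if [ "${1:-}" = "--fetch" ]; then
    fetch_and_verify_analyzer
fi
```

After it finishes, run mde_support_tool.sh as the page describes (first as a non-root user, then as root); the same verify_sha256 function works for XMDEClientAnalyzerBinary.zip with that archive's published hash.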
For Linux, the analyzer requires 'lxml' to produce the result output. If it is not installed, the analyzer tries to fetch it from the official Python package repository: https://pypi.org/search/?q=lxml
In addition, the tool currently requires Python version 3 or later to be installed.
If you are running on a machine that cannot use Python 3 or fetch the lxml component, then you can download a binary based version of the analyzer that does not have any of the requirements: XMDE Client Analyzer Binary.
Note that the binary is currently unsigned. To allow the package to run on macOS, you will need to use the syntax: "spctl --add /Path/To/Application.app".
The current SHA256 hash of 'XMDEClientAnalyzerBinary.zip' that is downloaded from the above link is: '678866D7F14318BD7FEFCDC0259147C34366BCE84A547B5E18BCD07957A21C72'
If your device is behind a proxy, then you can simply pass the proxy server as an environment variable to the mde_support_tool.sh script. For example:
Additional syntax help:
-h (Help): Show help message
performance (Performance): Collects extensive tracing for analysis of a performance issue that can be reproduced on demand. Use --length=<seconds> to specify the duration of the benchmark.
-o (Output): Specify the destination path for the result file
-nz (No-Zip): If set, a directory is created instead of a resulting archive file
-f (Force): Overwrite if output already exists in the destination path
Result package contents on macOS and Linux
- The main HTML output file that contains the findings and guidance that the analyzer script run on the machine can produce.
- Same diagnostic output that gets generated when running mdatp diagnostic create on either macOS
- XML output that is generated while running and is used to build the HTML report file.
- Contains the details of the running Microsoft Defender for Endpoint related processes on the system.
- Contains the same log messages written on screen during the data collection.
- The same basic health output that is shown when running the mdatp health command.
- Additional XML file used by the analyzer when building the HTML report.
- Details on the audited service and related components for Linux OS.
- The performance test reports. You will see this only if you are using the performance parameter.