Diagnostic logs

Whether you've reported a problem or our service identifies one, we might need to collect certain diagnostic logs from the device without user intervention.

We don't collect any user-generated content or information from user directories. We collect only diagnostic and log data that relates to device health and status.

We store all collected logs for 28 days and then delete them. We process all logs collected from a device according to our data handling standards.

Data collected

The following list includes all the folders, event logs, executables, or registry locations from which Microsoft Managed Desktop might collect diagnostic logs.

The actual data collected will be a subset of this list and depends on the issue identified.

Registry keys

HKLM\SYSTEM\CurrentControlSet\Services
HKLM\SOFTWARE\Microsoft\Surface
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKLM\SYSTEM\CurrentControlSet\Control\MUI\UILanguages
HKLM\Software\Policies\Microsoft\WindowsStore
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel
HKLM\SYSTEM\CurrentControlSet\Control\FirmwareResources
HKLM\SOFTWARE\Microsoft\WindowsSelfhost
HKLM\SOFTWARE\Microsoft\WindowsUpdate
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch
HKLM\SYSTEM\Setup
HKLM\Software\Microsoft\IntuneManagementExtension
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\Software\Policies
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL
HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Commands

%programfiles%\windows defender\mpcmdrun.exe -GetFiles
%windir%\system32\certutil.exe -store
%windir%\system32\certutil.exe -store -user my
%windir%\system32\Dsregcmd.exe /status
%windir%\system32\ipconfig.exe /all
%windir%\system32\ipconfig.exe /displaydns
%windir%\system32\mdmdiagnosticstool.exe
%windir%\system32\msinfo32.exe /report %temp%\MDMDiagnostics\msinfo32.log
%windir%\system32\netsh.exe advfirewall show allprofiles
%windir%\system32\netsh.exe advfirewall show global
%windir%\system32\netsh.exe lan show profiles
%windir%\system32\netsh.exe winhttp show proxy
%windir%\system32\netsh.exe wlan show profiles
%windir%\system32\netsh.exe wlan show wlanreport
%windir%\system32\ping.exe -n 50 localhost
%windir%\system32\powercfg.exe /batteryreport /output %temp%\MDMDiagnostics\battery-report.html
%windir%\system32\powercfg.exe /energy /output %temp%\MDMDiagnostics\energy-report.html
bitsadmin /list /allusers /verbose
fltMC.exe
bcdedit /enum all /v
manage-bde -protectors -get

Windows PowerShell commands:

Get-appxpackage -allusers
Get-appxpackage -packagetype bundle
Get-Service wuauserv
Get-NetFirewallRule
Get-WmiObject -Class win32_product
Get-ComputerInfo
Get-Service
Get-Process
Get-WmiObject Win32_PnPSignedDriver

Event logs

Application
Microsoft-Windows-AppLocker/EXE and DLL
Microsoft-Windows-AppLocker/MSI and Script
Microsoft-Windows-AppLocker/Packaged app-Deployment
Microsoft-Windows-AppLocker/Packaged app-Execution
Microsoft-Windows-Bitlocker/Bitlocker Management
Microsoft-Windows-SENSE/Operational
Microsoft-Windows-SenseIR/Operational
Setup
System

Files

%ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl
%ProgramData%\Microsoft\IntuneManagementExtension\Logs\*.*
%ProgramData%\Microsoft\Windows Defender\Support\MpSupportFiles.cab
%ProgramData%\Microsoft\Windows\WlanReport\wlan-report-latest.html
%ProgramData%\Microsoft\Windows\WlanReport -SourceFileName wlan-report-latest.html
%windir%\ccm\logs*.log
%windir%\ccmsetup\logs*.log
%windir%\logs\CBS\cbs.log
%windir%\logs\measuredboot*.*
%windir%\Logs\WindowsUpdate*.etl
%windir%\inf\*.log
%windir%\servicing\sessions\ActionList.xml
%windir%\servicing\sessions\Sessions.xml
%windir%\SoftwareDistribution\DataStore\Logs\edb.log
%windir%\SoftwareDistribution\DataStore\DataStore.edb
%windir%\logs\dism\dism.log
%SystemRoot%\System32\Winevt\Logs\
%appdata%\Microsoft\Teams\media-stack\*.blog
%appdata%\Microsoft\Teams\skylib\*.blog
%appdata%\Microsoft\Teams\media-stack\*.etl
%appdata%\Microsoft\Teams\logs.txt
%windir%\Windows\System32\winevt\*.*