NOTICE - On August 4 2021, Malwarebytes Endpoint Security reached its End of Life. For more information, see the Malwarebytes Endpoint Security End of Life notice. To upgrade to a supported version of Malwarebytes, see Malwarebytes Endpoint Protection or Malwarebytes for Teams.
The Malwarebytes Management Console and Managed Client collect logs which helps with administration and diagnostics. Business Support may request these logs in order to isolate and troubleshoot issues with Malwarebytes Endpoint Security. This article explains the different log types and details.
Malwarebytes Managed Client logs
The Managed Client logs contain information on Managed Client activity, server communications, and installation.
The SCCOMM log contains information on what the Managed Client is doing, as well as communication with the server. This log includes the following information:
- Managed Client and endpoint client versions
- Policy configurations and their results
- Database updates
- Manual commands sent from the console
- Registration and server information
- Any errors related to the above
SCCOMM log location:
- C:\ProgramData\sccomm\sccomm.txt (Management Console version 1.6 or earlier)
- C:\ProgramData\sccomm\Logs\sccomm.txt (Management Console version 1.7 or later)
Inno Setup log
The Inno Setup log details installation and setup of Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit and Malwarebytes Anti-Ransomware, independent of SCCOMM logs. This log includes the following information:
- Copying of files to their proper directory
- Registering of DLLs
- Creation of registry keys
- And any errors related to the above
Inno Setup log location:
- C:\Windows\Temp\MSIxxxxx.LOG (Managed Client)
- C:\Users\username\AppData\Local\Temp\Setup Log yyyy-mm-dd #xxx.txt (Unmanaged Client)
Management server install log location:
Malwarebytes Anti-Malware logs
The Anti-Malware logs detail the protection plugin events on the endpoint, and the scan results for Malwarebytes Anti-Malware. The archived- prefix indicates logs that have been submitted to the Management Console from the Managed Client.
Malwarebytes Anti-Malware log location:
The Protection log contains information on various functions of Malwarebytes Anti-Malware.
- Database updates
- Protection Module refresh
- Scheduled items occurring and finishing
Protection log filename formats:
The Scan log contains results of both manual and scheduled scans.
Scan log filename formats:
Malwarebytes Anti-Exploit logs
The Anti-Exploit logs detail the current version of Malwarebytes Anti-Exploit and it's operation and detection events.
Malwarebytes Anti-Exploit log location:
- C:\ProgramData\Malwarebytes Anti-Exploit\Logs (Managed Client)
- C:\ProgramData\Malwarebytes Anti-Exploit\ (Unmanaged Client)
The Service log contains information on the status of the Malwarebytes Anti-Exploit service, as well as the version of Anti-Exploit.
Service log filename formats:
The Alert log contains information on any blocks reported by Anti-Exploit.
Alert log filename formats:
The Default log contains detailed information on Anti-Exploit and its interactions during protection events. This log is encrypted and can only be viewed by Anti-Exploit specialists.
Default log location:
Malwarebytes Anti-Ransomware logs
The Anti-Ransomware logs detail Anti-Ransomware events on the endpoint.
The Service log contains information on various functions of Malwarebytes Anti-Ransomware.
- Database updates
- Program revision updates
- Block events
Malwarebytes Anti-Ransomware Service log location:
The installation log contains information on the installation event of Malwarebytes Anti-Ransomware.
Anti-Ransomware managed and unmanaged installation log location:
C:\Users\username\AppData\Local\Temp\Setup Log yyyy-mm-dd #xxx.txt