You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/enable-troubleshooting-mode.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ ms.collection:
15
15
- mde-ngp
16
16
ms.topic: conceptual
17
17
ms.subservice: ngp
18
-
ms.date: 09/25/2023
18
+
ms.date: 08/27/2024
19
19
---
20
20
21
21
# Get started with troubleshooting mode in Microsoft Defender for Endpoint
@@ -62,7 +62,9 @@ During troubleshooting mode, you can use the PowerShell command `Set-MPPreferenc
62
62
63
63
- Logs and snapshots are collected and are available for an admin to collect using the [Collect investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) feature on the device page. Microsoft doesn't remove this data from the device until an admin has collected it.
64
64
65
-
- Admins can also review the changes in settings that take place during Troubleshooting mode in **Event Viewer** on the device page.
65
+
- Admins can also review the changes in settings that take place during troubleshooting mode in **Event Viewer** on the device itself.
66
+
- Open Event Viewer, and then expand **Applications and Services Logs** > **Microsoft** > **Windows** > **Windows Defender**, and then select **Operational**.
67
+
- Potential events can include be events with IDs 5000, 5001, 5004, 5007 and others. See more details at [Review event logs and error codes to troubleshoot issues with Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.yml#event-id-5000).
66
68
67
69
- Troubleshooting mode automatically turns off after reaching the expiration time (it lasts for 4 hours). After expiration, all policy-managed configurations become read-only again and revert back to how the device was configured before enabling troubleshooting mode.
68
70
@@ -81,19 +83,17 @@ During troubleshooting mode, you can use the PowerShell command `Set-MPPreferenc
81
83
82
84
- A device running Windows 10 (version 19044.1618 or later), Windows 11, Windows Server 2019, or Windows Server 2022.
83
85
84
-
Semester/Redstone|OS version|Release
85
-
:---|:---|:---
86
-
21H2/SV1|>=22000.593|[KB5011563: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5019275)
87
-
20H1/20H2/21H1|>=19042.1620<br/> >=19041.1620<br/> >=19043.1620|[KB5011543: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011543)
88
-
Windows Server 2022|>=20348.617|[KB5011558: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011558)
89
-
Windows Server 2019 (RS5)|>=17763.2746|[KB5011551: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011551)
86
+
|Semester/Redstone|OS version|Release|
87
+
|:---|:---|:---|
88
+
|21H2/SV1|>=22000.593|[KB5011563: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5019275)|
89
+
|20H1/20H2/21H1|>=19042.1620<br/> >=19041.1620<br/> >=19043.1620|[KB5011543: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011543)|
90
+
|Windows Server 2022|>=20348.617|[KB5011558: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011558)|
91
+
|Windows Server 2019 (RS5)|>=17763.2746|[KB5011551: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011551)|
90
92
91
93
- Troubleshooting mode is also available for machines running the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. Before you use troubleshooting mode, make sure all of the following components are up to date:
92
94
93
95
- Sense version `10.8049.22439.1084` or later ([KB5005292: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005292))
94
-
95
96
- Microsoft Defender Antivirus - Platform: `4.18.2207.7` or later ([KB4052623: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623))
96
-
97
97
- Microsoft Defender Antivirus - Engine: `1.1.19500.2` or later ([KB2267602: Microsoft Update Catalog](https://www.microsoft.com/en-us/wdsi/defenderupdates))
98
98
99
99
- For troubleshooting mode to be applied, Microsoft Defender for Endpoint must be tenant-enrolled and active on the device.
0 commit comments