Malwarebytes Endpoint Security logs

Document created by drossler Employee on May 11, 2017Last modified by jyamada on Jan 23, 2019
Version 21Show Document
  • View in full screen mode

The Malwarebytes Management Console and Managed Client collect logs which helps with administration and diagnostics. Business Support may request these logs in order to isolate and troubleshoot issues with Malwarebytes Endpoint Security. This article explains the different log types and details.


Malwarebytes Managed Client logs

The Managed Client logs contain information on Managed Client activity, server communications, and installation.



The SCCOMM log contains information on what the Managed Client is doing, as well as communication with the server. This log includes the following information:

  • Managed Client and endpoint client versions
  • Policy configurations and their results
  • Database updates
  • Manual commands sent from the console
  • Registration and server information
  • Any errors related to the above


SCCOMM log location:

  • C:\ProgramData\sccomm\sccomm.txt (Management Console version 1.6 or earlier)
  • C:\ProgramData\sccomm\Logs\sccomm.txt (Management Console version 1.7 or later)


Inno Setup log

The Inno Setup log details installation and setup of Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit and Malwarebytes Anti-Ransomware, independent of SCCOMM logs. This log includes the following information:

  • Copying of files to their proper directory
  • Registering of DLLs
  • Creation of registry keys
  • And any errors related to the above


Inno Setup log location: 

  • C:\Windows\Temp\MSIxxxxx.LOG (Managed Client)
  • C:\Users\username\AppData\Local\Temp\Setup Log yyyy-mm-dd #xxx.txt (Unmanaged Client)


Management server install log location:

  • C:\Users\username\AppData\Local\Temp\msixxxxxx.log


Malwarebytes Anti-Malware logs

The Anti-Malware logs detail the protection plugin events on the endpoint, and the scan results for Malwarebytes Anti-Malware. The  archived-  prefix indicates logs that have been submitted to the Management Console from the Managed Client.


Malwarebytes Anti-Malware log location:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Protection log

The Protection log contains information on various functions of Malwarebytes Anti-Malware. 

  • Database updates
  • Protection Module refresh
  • Scheduled items occurring and finishing


Protection log filename formats:

  • protection-log-yyyy-mm-dd.txt
  • archived-protection-log-yyyy-mm-dd.txt 


Scan log

The Scan log contains results of both manual and scheduled scans.


Scan log filename formats:

  • mbam-log-yyyy-mm-dd.txt
  • archived-mbam-log-yyyy-mm-dd.txt



Malwarebytes Anti-Exploit logs

The Anti-Exploit logs detail the current version of Malwarebytes Anti-Exploit and it's operation and detection events.


Malwarebytes Anti-Exploit log location:

  • C:\ProgramData\Malwarebytes Anti-Exploit\Logs  (Managed Client)
  • C:\ProgramData\Malwarebytes Anti-Exploit\  (Unmanaged Client)


Service log

The Service log contains information on the status of the Malwarebytes Anti-Exploit service, as well as the version of Anti-Exploit.


Service log filename formats:

  • mbae-service.txt
  • archived-mbae-service.txt


Alert log

The Alert log contains information on any blocks reported by Anti-Exploit.


Alert log filename formats:

  • mbae-alert.log
  • archived-mbae-alert.log


Default log

The Default log contains detailed information on Anti-Exploit and its interactions during protection events. This log is encrypted and can only be viewed by Anti-Exploit specialists.


Default log location:

C:\ProgramData\Malwarebytes Anti-Exploit\mbae-default.txt



Malwarebytes Anti-Ransomware logs

The Anti-Ransomware logs detail Anti-Ransomware events on the endpoint.


Service log

The Service log contains information on various functions of Malwarebytes Anti-Ransomware.

  • Database updates
  • Program revision updates
  • Block events


Malwarebytes Anti-Ransomware Service log location:



Installation log

The installation log contains information on the installation event of Malwarebytes Anti-Ransomware.


Anti-Ransomware managed and unmanaged installation log location:

C:\Users\username\AppData\Local\Temp\Setup Log yyyy-mm-dd #xxx.txt