SOLVED

MDE Client analyzer reporting missing path

Copper Contributor

When running Client Analyzer on a server , it is missing path, and recommended fix is running

"PsExec.exe -s cmd /c (mkdir.exe C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber)"

 Well that does nothing, tried to change things, with and with out admin, and in powershell and in a command line. And i trie to find the path missing, it is there. So this error is not clear, the server will not be onboarded with this error either. I have tried to post this another place , but now i will here. 

 

3 Replies

Hi @Knut_S,

The MDE Client Analyzer error 122003 Missing Path indicates that the analyzer cannot find the following path:

C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber

This path is required for the client analyzer to run the connectivity tests to cloud service URLs.

You have already tried running the recommended fix, which is to use PsExec to create the missing path. However, this has not worked.

Here are some other things you can try:

  • Make sure that you are running the PsExec command as an administrator.
  • Try running the PsExec command from a different directory.
  • Try running the PsExec command from a different computer.
  • Try restarting the server.

If you are still unable to create the missing path, you can try creating it manually. To do this, open an elevated command prompt and enter the following command:

 

mkdir C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber

 

 

Once you have created the missing path, try running the client analyzer again.

If the client analyzer is still unable to run, you can try collecting the analyzer support logs using live response.

See the following article for more information:

Run the client analyzer on Windows: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-analyzer-windows?view...

The analyzer support logs can be used to troubleshoot the issue with Microsoft support.

Additional troubleshooting tips:

  • Make sure that the server is running the latest version of the MDE Client Analyzer tool.
  • Make sure that the server has a valid internet connection.
  • Make sure that the server is not running any other security software that is interfering with the MDE Client Analyzer tool.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

@LeonPavesic 

Knut_S_0-1695884106654.png

This is a snip from the server in question, seems to me that this path is there. so how can it be missing. strange, could it be some kind of error with permissions

best response confirmed by Knut_S (Copper Contributor)
Solution

@LeonPavesic 

Maybe i found the issue,

Default paths are missing:
Default MDE Policies key
HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection

 

That registry key is not on my server for some kind of reason. if look on other similar servers the key is there. so that may be the problem. Some times you need to read the error I guess. But how to fix the issue. 

1 best response

Accepted Solutions
best response confirmed by Knut_S (Copper Contributor)
Solution

@LeonPavesic 

Maybe i found the issue,

Default paths are missing:
Default MDE Policies key
HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection

 

That registry key is not on my server for some kind of reason. if look on other similar servers the key is there. so that may be the problem. Some times you need to read the error I guess. But how to fix the issue. 

View solution in original post