Self-Service Supportability Orchestrator
SSSO is a data collection tool. It brings several supportability tools that endpoint customers use under a single orchestrator. The tool invokes the right tool at the right time, and eases the data collection effort. This tool captures the context in which the data collection happens, which helps report proper telemetry data.

The SSSO tool is available on the Tools support portal landing page. 

Recent updates to this article

Date	Update
April 12, 2022	Added that SSSO does not work on non-English language OS.
March 1, 2022	Added expandable sections.
November 17, 2021	Added: Support for Windows 10 Version 21H2 and earlier versions. Product Release Information table.
October 6, 2021	Updated environment for SSSO to version 21.9. Added features: Complete WebMER Integration, Playbook Execution history, Proxy support. Supports new operating systems: Windows 11, 10 21H2 Windows Server 2022 ​Most of the playbook descriptions have been updated. Added a new known issue.

Click to expand the section you want to view:

Product release information

 

SSSO Product Version	Release Date
SSSO 21.9	September 2021
SSSO 21.4	April 2021
SSSO 20.11	November 2020
SSSO 20.8	August 2020
SSSO 1.0	April 2020

SSSO purpose

Use this tool in the following situations:

• When you open a Service Request with Technical Support, and need data collection
• When the data collection effort is complex or simple
• When the tool or tools you need are many or hard to use
• When the issue is sporadic, random, or reproducible on demand
  Examples:
  • Capture data for a high CPU issue that occurs randomly in the environment. This issue requires tools from both McAfee Enterprise and Microsoft to run in tandem, and only when CPU is high.
  • Run the McAfee Enterprise and Microsoft tools needed to capture the behavior when a third-party application starts. Also, where the third-party randomly experiences an Access Denied failure and crashes. Don’t collect logs if the failure didn’t occur.
  • Enable debug logging for Endpoint Security and McAfee Agent when a certain third-party process starts. Collect the process dump of that third party when it crashes within two minutes of startup. Disable debug logging, and collect files when the crash occurs. Otherwise, stop logging until the next time the process starts.

SSSO tool contents

The SSSO comes as a .zip file named SSSO_1.0.0.xxx.zip. The tool folder structure when executed contains the following:

• Doc folder - The doc folder consists of the help documents. The Playbook.yml file contains the steps to create your own playbook pertinent to the issue. The TelemetryData.txt file contains details about telemetry information collected for product improvement and Enterprise support purposes. This file is created in the root folder.
• Playbooks folder - Consists of two subfolders, custom and default. The default folder contains a few playbooks that have been authored based on customer escalations. Use the custom folder when a new playbook has been authored.
• Plug-ins folder - Plug-ins consist of two subfolders, custom and default. In the default folder, there are a few PowerShell scripts that monitor specific use cases. The plug-ins are basically PowerShell modules. You can write and save custom plug-ins to the custom folder. There are many resources on the internet for PowerShell scripting.
  NOTE: The default plug-ins are checked for signing while executing, but the custom plug-ins aren’t checked for signing. McAfee Enterprise isn’t responsible for customer-created custom plug-ins.
• Run folder - By default, the run folder isn’t present when the tool is freshly extracted from the SSSO_1.0.0.xxx.zip. The folder gets created automatically when SSSOLauncher.exe is executed. This folder contains the output of the command executed in a compressed (.tgz) format saved according to the time stamp. This compressed file holds the SSSO.log, SSSO_Telemetry.xml files, and other dump files or logs. The files depend on the tools used in the command execution.
• Tools folder - The tools folder is categorized into custom and default. Each of the folders has subfolders within them, namely x64 and x86. The default tools are shipped with all relevant McAfee Enterprise tools.
  The tools can be updated to latest versions by running the Update Tools Workflow. For details, either see the SSSO Product Guide, or run the SSSOLauncher.exe -update command.
  NOTE: The default tools are checked for signing while being executed, but the custom tools aren’t checked for signing. McAfee Enterprise isn’t responsible for customer-created custom tools.
• License.txt - License information of components used. This file is added as a reference.
• SSSOLauncher.exe - The main executable that is used to start the SSSO application. It also accepts command-line arguments. To learn more about the input arguments for the binary, see the help.txt document in the doc folder.
• SSSO.log - A log file generated after you run SSSOLauncher.exe. It displays the log output of the last command execution only.
• SSSO_Updater.log - An updater log file generated after you run SSSOLauncher.exe. It displays the auto-update and log upload output of the last executed command only.
• SSSO_Telemetry.xml - This XML file displays the telemetry output of the last command executed.
• Royalty-Free Tools License.txt - This file contains the SSSO end-user license agreement (EULA). By default, this file isn’t present in the root folder. When executed for the first-time, the EULA page is displayed. After acceptance, this file is created in the root folder.

SSSO GUI Workflows

Four SSSO GUI workflows are available:

• Collect MER Workflow (SSSO supports all GUI and WebMER command-line options)
• Playbook Execution Workflow (running the SSSO playbooks on a host)
• Create an ePO Endpoint Deployment Kit (EEDK) Workflow
• Update Tools Workflow

 For more details, see the SSSO Product Guide.

Command-Line Parameters:

Use: SSSSLauncher.exe [options...]
 

Options	Description
-? | /? | -help	Help details displayed.
-update	Download or update third-party tools.
-Procname:ProcessName	Specify the process name to be used inside the playbook. Example: -procname:mcshield.exe
-filepath:"<filepath>"	Specify the filepath to be used inside the playbook. Example: -filepath:"C:\test\Logs"
-play playbookname.yml	Run the specified playbook. Example: -play CreateEEDK.yml
-accepteula	Silently accept the SSSO EULA.
-threshold:<value>	Specify the CPU threshold to be used inside the playbook. Example: -threshold:20
-sr:<SR Number>	Use this switch to upload results automatically to a McAfee Enterprise Server against the given valid Service Request (SR) number. Example: -sr:4-123456789
-skipupgrade	Skip auto upgrade of SSSO binaries for a particular run.
-delay:<value>	Specify the delay (in seconds) to be used inside the YAML. Example: -delay:200
-thresholds:<val1,val2,val3>	Specify multiple memory thresholds (in MB) separated by a comma, to be used inside the YAML. Example: -thresholds:100,200,300)
-createeedk	Create an ePO deployable package.
-acceptthirdpartyeula	Silently accept the Procmon and Procdump EULA when deployed from ePO.  NOTE: The Acceptthirdpartyeula switch only works from ePO.
-proxy:<options>	Sets the proxy server details. Use one of the options below: -proxy:disable Disables the proxy settings; connects directly to the internet without a proxy. -proxy:system Applies the system proxy settings. -proxy:custom(url,port) Sets the proxy to the specified URL and port. Example: -proxy:custom(proxy.example.com,9090)
-skiptelemetry	Turn off SSSO telemetry.
-MER	Runs the MER for all detected McAfee Enterprise products with event logs for the default number of days.
-MERprods	Specify the supported McAfee Enterprise products for which MER must be collected.
-MERlogs	Number of days of Application Logs, System Logs, and Security logs to collect. Specify -1 to avoid collection for any of the event logs.
-MERsanitize	Remove IP address, MAC address, domain names, and computer names from the MER result file.
-MERCSanitize	[1 | 2] [RegEx filename | Text to sanitize] Use this switch to sanitize the MER logs from a regex file, or from a regex argument.

 

Running SSSO in Air-Gapped Environments:

For a detailed workflow on SSSO execution in air-gapped environments, see the SSSO Product Guide.

Execute a playbook and record your observations

Example problem: Data Collection when an Endpoint Security process is consuming high CPU on a system.
Playbook name: ENS_Process_HighCPU_Level1.yml

What the playbook does:

1. Run SSSOLauncher.exe.
2. After you accept the EULA, select the playbook ENS_Process_HighCPU_Level1.yml. For more details, see the SSSO Product Guide and look at the section "Playbook Execution Workflow (Running the SSSO Playbooks on a Host)."
   NOTE: The SSSOLauncher.exe executable waits for the CPU utilization to breach the 40% threshold.
3. Reproduce the issue, and wait for CPU to breach the threshold value.
4. Initiate a full Endpoint Security on-demand scan on the system.
   NOTE: When a full on-demand scan is triggered, the CPU utilization exceeds the threshold limit. The SSSOLauncher.exe starts collecting the PerfCounters, Procmon, and AMTrace data. At the end, the MER logs are collected.
    
5. After the execution is complete, navigate to SSSO_1.0.0.xxx\run.
   NOTE: The output logs are displayed in the SSSO.log file. The file is found in the root directory SSSO_1.0.0.xxx\run\<timestamp>.tgz. The file displays the output of the command executed, and shows different internal tool activities. Reports generated by all third-party tools are compressed in a SSSO_1.0.0.xxx\run\<timestamp>.tgz file.
    
6. If you use the option -sr:<SR number>, the data collected is automatically uploaded to the specific Service Request (SR).
   For example: Using the option -SR: 1–123456789, you can upload the collected data to the respective SR 1–123456789.

ePO Endpoint Deployment Kit (EEDK)

For instructions to create an EEDK Workflow, see the "SSSO GUI Workflows" section in the SSSO Product Guide.

How to deploy SSSO to multiple hosts from ePO:
A one-stop solution to deploy SSSO using ePO is through an EEDK package. To use it, follow the steps below:

1. Upload the package SSSO_EEDK.zip to the Master Repository in ePO.
2. Select the list of systems or groups in the System Tree.
3. Create a Run Client Task Now task by clicking Actions, Agent, Run Client Task Now.
4. In the Run Client Task Now window, select the product McAfee Agent, the task type as Product Deployment, and then click Create New Task.
5. On the Run Client Task Now page, select:
   • The Target Platform
   • The product as Self Service Supportability 1.0.0.xxx.
      
6. Provide the command-line option -acceptThirdPartyEULA, and provide the respective command-line argument to run the playbook. For example:
   
   -acceptThirdPartyEULA -play <Playbook_Name.yml>
    
7. Provide appropriate command-line options to run the specific playbook. 
   
   Example: You run ENS_Process_HighCPU_Level1.yml to collect data for mcsheild.exe at a CPU threshold of 40%. The command would be:
   
   -acceptThirdPartyEULA -play ENS_Process_HighCPU_Level1.yml -procname:mcshield.exe -threshold:40
   
   NOTE: Any parameter with a double quote (") must be prefixed with a backslash \. For example:
   
   acceptthirdpartyeula -MERprods \"Endpoint Security\"
   
   Package and command-line information example:
   
   
   
   NOTES:
   • If there are any SSSO failures, you can look in the SSSO_Updater.log and SSSO.log in %ProgramData%\McAfee\SSSO.
   • The location of the output logs is: %ProgramData%\McAfee\SSSO\<Timestamp>.tgz.
   • The following applies for any playbook that needs to be executed on the client using the EEDK package. You must first accept a EULA for third-party tools on the client system.
   • You can't run playbooks with LiveKD.exe and NotMyFault.exe references from ePO.

Playbooks for data collection

A set of playbooks that comes with the package that you can use for data collection.

 

NOTES:

• All playbooks require that the minimum PowerShell version of 3.0 or later to be installed.
• If Exploit Prevention is enabled, the rule Execution Policy Bypass in PowerShell must not be configured to Block. 
• For all Memory-related playbooks, If either of the following products are installed, self-protection must be disabled before executing the playbook.
  • Endpoint Security (ENS)
  • VirusScan Enterprise (VSE)

Two groups are available:

• Basic Playbooks
• Advanced Playbooks

Default Playbooks

Basic
Playbook Name	Playbook Description
CheckThridPartyToolsEULAAcceptance	Checks if the third-party tools EULA is accepted. Any software to be installed before running playbook: No
Advanced
Playbook Name	Playbook Description
Template_DefaultToolsPlaybookExample	Shows the usage of all McAfee Enterprise tools. Collects: AMTrace, MMSInfo, FWInfo, ETLTrace, AACInfo, MER. Any software to be installed before running playbook: No
Template_HighCPUUsage	Monitors high CPU usage of a specified process (-procname:<processname.exe>) for a specified threshold (-threshold:<value>). Collects: Procdump, Procmon, MER. Any software to be installed before running playbook: No
Template_LogFilterExample	Looks for a pattern in any log file. Collects: AMTrace. Any software to be installed before running playbook: No
Template_ProcessCrashWithProcdump	Monitors the event of a process crash (-procname:<processname.exe>). Collects: Procdump, MER. Any software to be installed before running playbook: No
Template_ProcessCrashWithWER	Monitors the event of a process crash (-procname:<processname.exe>) using Windows Error Reporting (WER). Collects: Process dump, MER. Any software to be installed before running playbook: No
Template_ProcessHang	Monitors the event of a process hang (-procname:<processname.exe>). Collects: Procdump, MER. Any software to be installed before running playbook: No
Template_ProcessMemoryLeakWithProcdump	Monitors the event of a process: (-procname:<processname.exe>) memory leak. Collects: Procdump and MER for multiple memory thresholds breaches. Any software to be installed before running playbook: No
Template_ProcessMemoryLeakWithUMDH	Monitors the event of a process: (procname:<processname.exe>) memory leak. Collects:  User-mode dump heap (UMDH) snapshots, and Procdumps for multiple memory threshold breaches. Any software to be installed before running playbook: Yes1
Template_ProcessMultipleCrashDumps	Collects multiple crash dumps for a specified process. Any software to be installed before running playbook: No
Process_MemoryLeak_WithLoop	Useful in detecting memory leaks for a given process and given memory thresholds (-thresholds:100,200,300). Collects: Procdumps, Poolmon, UMDH, snapshots for multiple memory threshold breaches. Any software to be installed before running playbook: Yes1,2

 

1	Windows Debugging tools that need to be installed to run umdh.exe. Make sure the path to gflags.exe and umdh.exe is correct, as different versions of Windows Debugging tools might have a different path. Default path is according to the Windows 10 Debugging Tools.
2	Windows Development Kit (WDK) needs to be installed to run poolmon.exe. Make sure the path to poolmon.exe is correct, as different versions of WDK might have a different path. Current path is according to the Windows 10 Development Kit.

Endpoint Security (ENS) Playbooks

Basic
Playbook Name	Playbook Description
ENS_EventBasedLogCollection	Collects data for a certain event ID. Collects: Procmon, AMTrace if the event ID is triggered. Any software to be installed before running playbook: No
ENS_InstallationFailure_ePO	Monitors for installation failures for the ePO deployment of ENS. Collects: Procmon, AMTrace, SFC, MER. Any software to be installed before running playbook: No
ENS_Process_HighCPU_Level1_Parellel	Monitors the CPU usage of the specified ENS process (-procname:<processname.exe>) for a specified threshold (-threshold:<value>) and collects data concurrently. Collects: PerfCounters, Procmon, AMTrace, WPR ,  MER if there’s a threshold breach. Any software to be installed before running playbook: No
ENS_Process_MemoryLeak	Useful in detecting memory leaks for a given ENS process. Collects: Procmon, AMTrace, Procdump, Poolmon, UMDH snapshots for multiple memory thresholds. Any software to be installed before running playbook: Yes1
ENS_SlowODSTask	Used to collect dumps for a slow on-demand scan (ODS). Collects: Multiple Procmon, AMTrace, MER. Any software to be installed before running playbook: No
ENS_SlowAppStartup_Random	The playbook monitors the process: (-procname:<processname.exe>), to see if it’s taking a long time to startup. Collects: Procmon, AMTrace. Any software to be installed before running playbook: No
ENS_SystemHighCPU	Monitors the CPU usage of the entire system. Collects: Procmon, AMTrace, WPR, PerfCounters, MER if the specified threshold is breached. Any software to be installed before running playbook: Yes2
Advanced
Playbook Name	Playbook Description
ENS_eventMessageBasedLogCollection	Collects data for a certain event ID and messages. Collects: Procmon, AMTrace if the event ID and event messages are triggered. Any software to be installed before running playbook: No
ENS_FirewallPolicyCollection	Collects the ENS Firewall configuration, policy, and ipconfig output details. Any software to be installed before running playbook: No
ENS_InstallationFailure	Monitors for installation failures for the standalone installation of ENS. Collects: Procmon, AMTrace, SFC, MER. Any software to be installed before running playbook: Yes2
ENS_Process_HighCPU_level1	Monitors the CPU usage of the specified ENS process: (-procname:<processname.exe>) for a specified: threshold (-threshold:<value>). Collects: PerfCounters, Live Kernel dump, MER if there's a threshold breach. Any software to be installed before running playbook: No
ENS_Process_HighCPU_level1_Parallel	Monitors the CPU and memory usage of the specified ENS process (-procname:<processname.exe>) for a specified threshold. Collects: Complete memory dump if there's a threshold breach. Any software to be installed before running playbook: No
ENS_Process_HighCPU_Level2	Monitors a process if it takes a long time to startup. Collects: Procmon, AMTrace. Any software to be installed before running playbook: No
ENS_Process_HighCPU_Level3	Configures boot logs for ENS Windows. Since it's a manual execution, the user has to execute the ENS_BootLogging_Stop_Manual playbook after the reboot. Collects: Procmon, AMTrace. Any software to be installed before running playbook: No
ENS_SlowAppStartup_Repro	This playbook has to be executed after ENS_BootLogging_Start_Manual, once the computer is up after the reboot.  Collects: Procmon, AMCore logs during the boot time. Any software to be installed before running playbook: No

 

1	Windows Debugging tools need to be installed to run the umdh.exe file. Make sure the path to gflags.exe and umdh.exe is correct. Different versions of Windows Debugging tools might have a different path. Default path is according to Windows 10 Debugging Tools.
2	Windows Assessment and Deployment Kit (ADK) needs to be installed to run wpr.exe. Select Windows Performance Toolkit during ADK setup. Make sure the path to umdh.exe is correct, as different versions of the ADK tool might have a different path. Current path is according to Windows 8 ADK tool.

VirusScan Enterprise (VSE) Playbooks

Playbook Name	Playbook Description
VSE_InstallationFailure	Monitors for an event ID 21, which relates to execution denied for an application, and collects the MER file when this event occurs. Any software to be installed before running playbook: No
VSE_ODS_Hang_x64	Collects information by running gatherinfo.bat. Any software to be installed before running playbook: No
VSE_ODS_Hang_x86	Can be used to set the needed log levels. Any software to be installed before running playbook: No

McAfee Agent Playbooks

Basic
Playbook Name	Playbook Description
MA_Process_MemoryLeak	Useful when detecting memory leaks for a given McAfee Agent process. Collects: Procdump, MER, and UMDH snapshots for multiple memory thresholds Any software to be installed before running playbook: Yes1

 

1	Windows Debugging tools need to be installed to run umdh.exe. Make sure the path to gflags.exe and umdh.exe is correct. Different versions of Windows Debugging tools might have a different path. Default path is according to the Windows 10 Debugging Tools.

McAfee Application and Change Control (MACC) Playbooks

Basic
Playbook Name	Playbook Description
MACC_ExecutionDenied	Monitors execution denied event by MACC. Collects: MER. Any software to be installed before running playbook: No
MACC_Gatherinfo	Collects: Gatherinfo data for initial analysis. Any software to be installed before running playbook: No
MACC_Loglevel	Sets the needed log levels for a specified MACC module. Any software to be installed before running playbook: No
Advanced
Playbook Name	Playbook Description
MACC_HighCPU	Monitors the CPU usage of a specified MACC process (-procname:<processname.exe>) for a specified threshold (-threshold:<value>). Collects: Procdump, Procmon, WPR, MER if there’s a threshold breach. Any software to be installed before running playbook: Yes2
MACC_HighMemory	Useful in detecting memory leaks for a given MACC process. Collects: Procdump, MER if there’s a memory threshold breach. Any software to be installed before running playbook: No
MACC_InstallationFailure	Monitors for installation failures of MACC. Collects: MER. Any software to be installed before running playbook: No
MACC_PackageControl	Monitors package changes prevention events by MACC. Collects: MER. Any software to be installed before running playbook: No
MACC_PreventedExecution	Monitors execution prevention event by MACC for any binary. Collects: MER. Any software to be installed before running playbook: No
MACC_Process_MemoryLeak	Useful in detecting memory leaks for a given MACC process. Collects: Procmon, Procdump, Poolmon over time. Any software to be installed before running playbook: Yes1
MACC_Procmon_MER	Collects: Procmon, MER for system performance issues. Any software to be installed before running playbook: No
MACC_SystemCrash	Monitors system crash for MACC. Collects: MER. Any software to be installed before running playbook: No
MACC_SlowAppStartup_Random	Monitors system crash for MACC. Collects: MER. Any software to be installed before running playbook: No
MACC_SystemCrashDataZip	Zips the data generated on a system crash, after execution of MACC_SystemCrash.yml. Any software to be installed before running playbook: No
MACC_WriteDenied	Monitors write denied event by MACC. Collects: MER. Any software to be installed before running playbook: No

 

1	Windows Development Kit (WDK) needs to be installed to run poolmon.exe. Make sure the path to poolmon.exe is correct, as different versions of WDK might have a different path. Current path is according to Windows 10 Development Kit.
2	Windows Assessment and Deployment Kit (ADK) needs to be installed to run wpr.exe. Select Windows Performance Toolkit during ADK setup. Make sure the path to umdh.exe is correct, as different versions of the ADK tool might have a different path. Current path is according to Windows 8 ADK tool.

Management for Optimized Virtual Environments (MOVE) Antivirus Playbooks

Basic
Playbook Name	Playbook Description
MOVE_DataCollection	Changes the loglevel, logFileSize, and logFileNum for MOVE modules. Collects: MER. Any software to be installed before running playbook: No
Advanced
Playbook Name	Playbook Description
MOVE_Clientx86_InstallationFailure	Monitors for the installation failures of 32-bit MOVE client. Collects: Procmon, AMTrace, SFC, MER. Any software to be installed before running playbook: No
MOVE_Clientx64_InstallationFailure	Monitors for the installation failures of 64-bit MOVE client. Collects: Procmon, AMTrace, MER. Any software to be installed before running playbook: No
MOVE_DataCollection	Useful in detecting memory leaks for a given MOVE process. Collects: MER, multiple Procdumps, UMDH snapshots over time Any software to be installed before running playbook: Yes1

 

1	Windows Debugging tools need to be installed to run umdh.exe. Make sure the path to gflags.exe and umdh.exe is correct. Different versions of Windows Debugging tools might have a different path. Default path is according to Windows 10 Debugging Tools.

Author your own playbook
It isn’t hard to create your own playbook. The playbook.yml file under the doc folder helps you create a playbook with little effort.

There are a few things to remember when you create the playbook:

• Outline your use case in simple tasks. Break down what is needed and when it’s needed.
• Follow the conventions as described in the file doc\playbook.yml.
• Avoid using tab spaces in the YAML software. The following is an FAQ from the official YAML website:
  
  "Tabs have been outlawed, since different editors and tools treat them differently. And since indentation is so critical to proper interpretation of YAML, this issue is just too tricky to even attempt. Indeed, Guido van Rossum of Python has acknowledged that allowing TABs in Python source is a headache for many people."

NOTES:

• The SSSO supports playbooks of well-known workflows, which include product-specific workflows.
• The user-specific or product-specific workflows can reduce the time for auto remediation or effective data collection.
• The SSSO also supports building custom playbooks based on your needs.
• The playbook also supports invoking different tools based on time, events, or external triggers.

Supported operating systems

 

Operating System	SSSO Tool 21.9 and later
Clients
Microsoft Windows 11	Yes
Microsoft Windows 10 version 21H2  Microsoft Windows 10 version 21H1 Microsoft Windows 10 version 20H2 October 2020 Update  Microsoft Windows 10 version 2004 May 2020 Update  Microsoft Windows 10 version 1909 November 2019 Update  Microsoft Windows 10 version 1903 May 2019 Update  (64-bit, 32-bit)	Yes
Microsoft Windows 8 (64-bit, 32-bit)	Yes
Microsoft Windows 7 (64-bit, 32-bit)	Yes
Microsoft Windows Vista (64-bit, 32-bit)	No
Servers
Microsoft Windows Server 2022	Yes
Microsoft Windows Server 2019	Yes
Microsoft Windows Server 2016	Yes
Microsoft Windows Server 2012 R2	Yes
Microsoft Windows Server 2012	Yes
Microsoft Windows Server 2008 Release 2 (64-bit)	Yes
Microsoft Windows Server 2008	No

Enable debug logging

 

Product	Debug Logging Article
McAfee Application and Change Control (MACC)	KB90755 - Minimum Data Collection to troubleshoot Application and Change Control
Management for Optimized Virtual Environments (MOVE)	KB87799 - How to enable debug logging for MOVE Agentless and Multi-Platform via the command line
Endpoint Security (ENS)	KB91797 - Enable debug logging to troubleshoot Endpoint Security issues

SSSO usage on MACC enabled systems

IMPORTANT:

• If you try to execute the SSSO tool with McAfee Application and Change Control (MACC enabled), you might observe some denials.
• You need to add a McAfee Enterprise certificate as a trusted publisher. For more information, see: KB94861 - How to use the SSSO tool with MACC enabled.

Common error scenarios

• "Another Instance of Self Service Supportability Orchestrtor is already running."
  
  Comment: You can only run one instance of SSSO at a time.
   
• "Unsupported OS! SSSO requires Windows 7/ Windows 2008 R2 or above.
  Blocking Execution."

Comment: SSSO can run only on operating systems listed in the "Supported operating systems" section. Running SSSO on older operating system versions returns an unsupported operating system error.

• "PowerShell version not supported! Please upgrade PowerShell version is less than 3.0 or higher version.
  Blocking Execution."

Comments:

• For all workflows except 'Collect MER Workflow', the PowerShell version must be 3.0 or later.
• If Exploit Prevention is enabled, the rule Execution Policy Bypass in PowerShell must not be configured to Block. 
   
• "Self Service Supportability Orchestrtor validation Failed! Exiting."

Comment: This error appears if any unauthorized files are present in the SSSO folders. To understand the reason for the failure, look at the logs.

 

• "Self Service Supportability Orchestrtor validation Failed!
  Invalid File SSSSO_1.0.0.1522/test.xml
  Blocking SSSO Execution!"

Comment: You can't run SSSO from case-sensitive paths. If any of the folders in the path are case-sensitive, see below.

 

Playbook Execution failed
Playbook execution can fail for many reasons. Some common case examples: 

• "ENS Self Protection not disabled"
  • For all memory-related playbooks, if ENS or VSE is installed, Self-protection must be disabled before running the playbook.
• "Required tool missing"
  • Make sure that the needed software is installed, and paths are set correctly in the playbook.
  • For other errors, look at the logs for details. You can click View Logs Folder on the summary page.
• "Waiting for Process to Launch  - Memory Playbooks."
  • In playbooks like MA_Process_MemoryLeak.yml, while enabling or disabling gFlags, SSSO stops the process and expects it to restart.
  • Ideally, the process starts automatically. But, sometimes the process might not start if the playbook is run multiple times within a short duration.
  • In that case, SSSO is waiting for the process to start. If you see that the process isn't started for a long time, check and manually start the process. If it's a service like masvc.exe, start it through the Windows Service Control Manager.