November 24th, 2017 02:00

What exact files and registry entries has SupportAssist deleted/modified/created?

I'd like to see a list of files and registry entries, not the output it has shown me below.

How do I get this?





When SupportAssist optimizes your system, a record of settings and adjustments are saved here as events, listed in descending chronological order:

Optimize Network (Manual) - Complete - 24/11/2017 12:55:20 PM

- Deleted Files: 0

- Recovered Storage: 0MB

- Optimization Done: 6

  • : 1

  • Delete Internet Temporary Files on Close: 1

  • Disable Task Offload: 1

  • HTTP1.1: 1

  • Network Throttling Mechanism: 1

  • Slow Link Detection: 1

- Viruses Detected: 0

- Viruses Deleted: 0

- Fix Status: Failure

  • : 1

  • Delete Internet Temporary Files on Close: 1

  • Disable Task Offload: 1

  • HTTP1.1: 1

  • Network Throttling Mechanism: 1

  • Slow Link Detection: 1

Tune Performance (Manual) - Complete - 24/11/2017 12:54:02 PM

- Deleted Files: 0

- Recovered Storage: 0MB

- Optimization Done: 430

  • Registry Cleaner: 423

  • Disable Paging Executive: 1

  • Distributed Link Tracking Client: 1

  • Microsoft iSCSI Initiator Service: 1

  • Naming Convention: 1

  • Recycle Bin Size: 1

  • Windows Biometric Service: 1

  • Windows Script Host: 1

- Viruses Detected: 0

- Viruses Deleted: 0

- Fix Status: Failure

  • Registry Cleaner: 423

  • Disable Paging Executive: 1

  • Distributed Link Tracking Client: 1

  • Microsoft iSCSI Initiator Service: 1

  • Naming Convention: 1

  • Recycle Bin Size: 1

  • Windows Biometric Service: 1

  • Windows Script Host: 1

Clean Files (Manual) - Complete - 24/11/2017 12:53:19 PM

- Deleted Files: 4359

  • Application: 23

  • System: 4335

  • Windows Explorer: 1

- Recovered Storage: 633MB

  • Application: 0

  • System: 633

  • Windows Explorer: 0

3 Apprentice


23 Posts

December 19th, 2017 23:00

Hi Nuama,

Thanks for contacting us on the forum. This information is currently not displayed in the SupportAssist application, nor are the details stored in the file system as a log file for this application. I can refer this as a request to the product team.

Thanks

Kusuma.

1 Message

June 30th, 2018 01:00

I think this is completely unacceptable.
It is not possible for a program to decide what to delete from the PC without asking before for confirmation and giving a correct report at the end.

We are talking about a program that removes applications and registry keys, but does not tell us which ones.
Does it make a backup first?
Not well at all. I am removing this software.

July 1st, 2018 23:00

In my organization, this software caused (and is still causing) a lot of issues.

- Netlogon set to manual

- Completely 'destroyed' my AppV infrastructure

I'm struggling to understand the changes made, to avoid re-installing 30+ PCs.

This is unacceptable: we NEED a DETAILED list of changes made by this software.

1 Message

July 8th, 2018 12:00

Would be really nice to know what this program changed in my network settings. Since running the optimization, websites usually do not load the first time, causing me to have to refresh the page. While browsing, some sites load incompletely. I never had this issue before.

July 8th, 2018 23:00

I tracked down the registry (deleted and, most importantly, modified) to revert my configuration... at least, this is related to my PCs.

I can't post the entire list due to post limitation (20.000 characters). Here's the 'modified' list of registry keys: 

MODIFIED:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:17:48,3600755","SRE.exe","3092","RegSetValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\WBEM\CIMOM\Log File Max Size","SUCCESS","Type: REG_SZ, Length: 12, Data: 65536"
"10:17:48,7796978","SRE.exe","3092","RegSetValue","HKCU\Software\Classes\Local Settings\MuiCache\3\52C64B7E\LanguageList","SUCCESS","Type: REG_MULTI_SZ, Length: 20, Data: en-US, en"
"10:17:48,7805957","SRE.exe","3092","RegSetValue","HKCU\Software\Classes\Local Settings\MuiCache\3\52C64B7E\LanguageList","SUCCESS","Type: REG_MULTI_SZ, Length: 20, Data: en-US, en"
"10:17:48,7817972","SRE.exe","3092","RegSetValue","HKCU\Software\Classes\Local Settings\MuiCache\3\52C64B7E\LanguageList","SUCCESS","Type: REG_MULTI_SZ, Length: 20, Data: en-US, en"
"10:17:48,7827811","SRE.exe","3092","RegSetValue","HKCU\Software\Classes\Local Settings\MuiCache\3\52C64B7E\LanguageList","SUCCESS","Type: REG_MULTI_SZ, Length: 20, Data: en-US, en"
"10:18:53,3058439","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Services\cdrom\AutoRun","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:53,3060084","SRE.exe","3092","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun","SUCCESS","Type: REG_DWORD, Length: 4, Data: 91"
"10:18:53,3064898","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun","SUCCESS","Type: REG_DWORD, Length: 4, Data: 91"
"10:18:53,3068719","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DisableAutoplay","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:18:53,4920119","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:53,5614223","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:53,5825960","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Services\Netlogon\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
"10:18:53,7470142","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{4516042d-0000-0000-0000-602200000000}\MaxCapacity","SUCCESS","Type: REG_DWORD, Length: 4, Data: 11419"
"10:18:53,9002228","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Services\WbioSrvc\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
"10:18:53,9941410","SRE.exe","3092","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:53,9947237","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows Script Host\Settings\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1328678","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1329107","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1329330","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1329541","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:18:54,1359880","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1360074","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1360224","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:54,1360402","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

 

1 Message

July 10th, 2018 02:00

I have "the same" issue. 
After the "Tune Performance" from Support Assist my SCCM has issues with some of the deployed applications.
All applications with the "detection method" checking the Windows Installer MSI GUID cannot be recognized by SCCM. The applications are still working and are still installed, but after the Support Assist Tune Performance SCCM cannot manage them.

 

July 11th, 2018 09:00

Check the two most important modified 'things': the Netlogon service set to manual and NtfsDisable8dot3NameCreation set to 'false' (registry key).
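Added example (not part of the original posts): one way to reduce a Process Monitor CSV export like the one posted above to the last value written per registry path, name service start-type changes such as the Netlogon one, and compare the result against values taken from an unaffected machine. The sample rows are copied from the thread; the function names and the baseline value are assumptions made for illustration.

```python
import csv, io, re

# Constructed sample: header plus five rows copied from the export in the thread.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:18:53,5614223","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:18:53,5825960","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Services\Netlogon\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
"10:18:53,9002228","SRE.exe","3092","RegSetValue","HKLM\System\CurrentControlSet\Services\WbioSrvc\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
"10:18:54,1329541","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:18:54,1360402","SRE.exe","3092","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
'''

DETAIL_RE = re.compile(r"Type: (\w+), Length: (\d+), Data: (.*)")
SERVICE_START = {"0": "Boot", "1": "System", "2": "Automatic",
                 "3": "Manual", "4": "Disabled"}

def final_writes(csv_text, process="SRE.exe"):
    """Return {path: (type, data)} for the last successful RegSetValue per path."""
    writes = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Process Name"], row["Operation"], row["Result"])
        if key != (process, "RegSetValue", "SUCCESS"):
            continue
        m = DETAIL_RE.match(row["Detail"])
        if m:  # rows are chronological, so a later write replaces an earlier one
            writes[row["Path"]] = (m.group(1), m.group(3))
    return writes

def describe(path, reg_type, data):
    """Render one write; service Start values are translated to their names."""
    if reg_type == "REG_DWORD" and re.search(r"\\Services\\[^\\]+\\Start$", path, re.I):
        service = path.split("\\")[-2]
        return f"service {service} start type -> {SERVICE_START.get(data, data)}"
    return f"{path} = {data} ({reg_type})"

def drift(writes, baseline):
    """Paths whose traced value differs from a known-good baseline {path: data}."""
    return sorted(p for p, (_, d) in writes.items()
                  if p in baseline and baseline[p] != d)

if __name__ == "__main__":
    for path, (reg_type, data) in final_writes(SAMPLE).items():
        print(describe(path, reg_type, data))
```

The trace records only the values that were written, not the ones they replaced, so the baseline has to come from a machine the tool has not touched. When reading a real export from disk, open it with `encoding="utf-8-sig"` so a leading byte-order mark does not end up in the first column name.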

 

1 Message

August 2nd, 2018 03:00

There are a load of log files if you look for them...

C:\ProgramData\SupportAssist\Client\Agent\logs

Which identifies log files in

C:\ProgramData\SupportAssist\Client\SRE\ExtendedLogs

You also have logs in the below folder

C:\ProgramData\SupportAssist\Client\TechnicianToolkit\Library\Logs

There are also registry logs and backups here

C:\ProgramData\SupportAssist\Client\TechnicianToolkit\Library\RegBackup

Also you can just stop it from scanning for the extra scans by disabling the Auto-optimize (at the bottom of the Home screen), so at least it will still do a scheduled check for driver and firmware updates.

Happy log hunting

 

8 Posts

October 9th, 2018 06:00

The "Settings" for SupportAssist is completely worthless. 

For example, for the "Clean Files" function "settings" ought to allow one to pick and choose what files are to be "cleaned."  In particular, I don't want my "Recycle Bin" monkeyed with.  Apparently SupportAssist emptied my Recycle Bin without my knowledge or permission.  I was/am very upset by this turn of events.

For the "Tune Performance" function, I don't have a clue what functions are being altered.  I want to have some control over this.

 

1 Message

October 12th, 2018 02:00

Another cleanup/tuneup tool that messes with your computer. What is even worse is that it doesn't even wait for your permission to start; as soon as you click on the SupportAssist popup message (even if just out of curiosity), it immediately starts deleting your files and editing your registry, and in the end it doesn't even tell you what it did. It's basically a glorified malware. I suggest everyone remove it.

Anyway, I found some information that might be helpful for others with the same problem.
In 'C:\ProgramData\SupportAssist\Client\Agent\reports\G6LJNQ2_SupportAssistClient_20181012093950_log\ExtendedLogs', where '20181012093950' is the date and time of the scan and 'G6LJNQ2' god knows what, I found files that contain a list of deleted files and registry entries. However, I couldn't find the list of modified registry entries (such as the Winlogon, DisablePagingExecutive, NtfsDisable8dot3NameCreation, WbioSrvc, etc). Hope this helps you to restore at least some of the damage.

October 17th, 2018 13:00

Now, this is just outrageous. This is the most ridiculous, malicious piece of software I've stumbled upon in quite some time, by a long shot. I consider myself a rather experienced and cautious PC user who stays clear of dodgy optimizer software, scareware and similar kind of garbage. I am able to take care of my computer, thank you very much. If I have a problem or a need to change any configuration detail, I research the issue and then make a calculated and informed decision on if and how to proceed, taking notes of the changes and backing up the configuration. The very last thing I expected is the built-in Dell malware on my new laptop messing with my PC: deleting files and registry entries willy-nilly, changing my settings to the values some random guy at Dell somewhere thought I should have on MY computer. And all that without any kind of prompt for confirmation - before and summary - after. You just click the Windows Action Center notification out of curiosity and BAM! - a minute later it deletes files from your disk and makes countless undisclosed arbitrary modifications to your registry. I didn't see that coming! How is it possible that whoever at Dell thought that would be a great idea, not only wasn't given a few days off to cool down but actually got it implemented, is beyond me. I'm so angry now. I'd proceed straight to System Restore if only I hadn't had problems with it on recent Windows 10 builds. I'm genuinely considering a fresh Windows 10 reinstall right now as a means of loss aversion - better to waste a few hours now than to fight any potential problems down the line, resulting from built-in Dell malware messing with my system's registry. Seriously, WHAT IS WRONG WITH YOU, Dell people?!

1 Message

December 1st, 2018 07:00

is the Service Tag of your laptop. Using it, anyone can find out the hardware configuration of your device, the date of purchase and the country of purchase. You should not post it on public forums. I believe a moderator will redact it.

1 Message

April 3rd, 2019 17:00

I had the same issue as a previous commenter with pages failing to load after network optimization.

The network optimizer adds the following registry key:

\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\NetworkThrottlingIndex

You can remove it using Registry Editor; it was not present in my default Windows install.

8 Posts

May 6th, 2019 16:00

Today I was prompted to run a scheduled scan.  Previously this was just hardware diagnostics.

Today I came back to the computer and it was running its freaking "clean up disk space", it deleted thousands of files!  I checked the log and it deleted stuff from temp, it deleted logs, 'recent documents' items, etc.  It also emptied my recycle bin and deleted a bunch of stuff in the registry!  In what universe does "scan" mean "delete arbitrary stuff without confirmation or prompting"?! This is little better than a virus!

4 Posts

July 19th, 2019 10:00

"Also you can just stop it from scanning for the extra scans by disabling the Auto-optimize"

Unfortunately, that's false.  Home - Gear - Settings, tab Scheduled scans, setting Enabled automated system scans.  I had left it unchecked, but it did a scan this morning anyway.  If the box had been checked, today would have been the day (it was set for the 19th of each month), but without the box being checked, nothing should have been done.

I came to the machine this morning, and it was sitting in "Clean Files".  I tried to restart the system immediately as a way to nuke it, but damned Oracle Virtualbox hung and kept it from rebooting.  I'll look at the log directories to try to figure out what it might have done.  (The home screen for it says "No saved", but does that mean that it killed things without saving something?)
