Windows 10: What generates masses of mat-debug*.log files?

Windows[German]I'm posting another topic here on the blog that a reader asked me about at the beginning of May 2024. He notes that the Defender Core service under Windows 10 Pro was started unexpectedly just over a month ago. Since then, the reader's Temp folder has been flooded with files with the pattern mat-debug*.log. There seems to be no configuration option. During a brief internet search, however, I found that these log files have been discussed in various scenarios since 2019. I am interested to know if anyone else has made this observation.


The Microsoft Defender Core service

An overview can be found in this support article from Microsoft. According to this support article, the Microsoft Defender Core service was released to improve endpoint security and support the stability and performance of Microsoft Defender Antivirus. The Microsoft Defender Core service will be released with Microsoft Defender Antivirus platform version 4.18.23110.2009. Microsoft has published the following dates for the rollout.

  • November 2023 to present to customers in advance (i.e. a preview).
  • Mid-April 2024 for enterprise customers running Windows clients.
  • Mid-June 2024 for US government customers running Windows clients.

The timeline is important to understand for subsequent reader observations. Microsoft states that enterprise customers should allow the following URLs because the Defender Core service communicates with these URLs.


The Microsoft support article contains further information on URLs that are used to communicate if you do not want to allow wildcard URLs.

A process generates .log files

A blog reader contacted me by email on May 3, 2024, and wrote that "about a month ago, the Defender Core service started unexpectedly on the Win10Pro." The reader suspects that this was done by the OneSetting service. The "vague statement" about a month ago is roughly in line with the Microsoft rollout dates above.


The reader noticed the whole thing because mat-debug****.log files suddenly appeared in the Temp folder. According to the blog reader, apart from the policy for the OneSetting service, no configuration is possible with regard to these log files. The [service] is not active on a computer that is not connected [to the Internet], the reader wrote in his email. He suspects an "Experimentation Configuration Service" that Microsoft is unleashing on users.

However, I found the section Use PowerShell to update the policies for Microsoft Defender Core service in the Microsoft support article, where you can study various guidelines for configuring the Core service. You can disable telemetry and the Core Service ESC integration. Addendum: Finally I found a post mat-debug created by MS Defender on W11 in Temp folder – HELP! at MS Answers, that's from May 17, 2024, mentioning the same observation – Defender creates the mat-debug***.log files.

Old sources on the web

I searched the internet for mat-debug log files. The first hits in the Microsoft Answers forum can be found as early as 2019 (see mat-debug-xxxx.log files in temp folder), where it is stated that the files have a length of 0. There is also a post mat-debug-xxxx.log files in the Microsoft Answers forum from 2020 that deals with these files. So it cannot be exclusively related to the Defender Core service that the log files suddenly end up in the blog reader's temp folder. In both Microsoft Answers forum threads linked above, there is a note (see here) that the user should reinstall the graphics driver. The effect is caused by an unsigned driver.

From December 2023 there is the Microsoft Answers forum thread What's the purpose of mat-debug-*.log files created by msteamsupdate.exe, in which the Microsoft Teams update process is named as the cause. The thread starter states that he found out via Process Monitor that the .log files are written by msteamsupdate.exe and ms-teamsupdate.exe.

There is also this thread on, which shows that the log files are written when an update goes wrong. OneDrive and Microsoft Office were mentioned. Susan Bradley blames the OfficeHub. However, the findings on the Internet are not really satisfying. Hence the question: Has anyone else found these log files in their Windows temp folder or user profile, and does anyone know the cause?

Created from MS Tools, Apps and Services

Addendum: A blog reader posted below some answers from AI bots, explaining the purpose of the log files (fun fact: If I ask with Copilot, the answers quotes my German blog post with the content provided above).

An the first comment below it days: The mat-debug*.log files in Windows 10 are generated by the Microsoft Application Compatibility Toolkit (MAT) when it is used to diagnose and troubleshoot compatibility issues with applications running on the Windows operating system. However, the MAT is not offered for Windows 10. But there seems to be a successor tool for Windows 10 and Windows 11, which developers at Microsoft and other software manufacturers use.

These log files contain information about the problems or errors encountered by "MS Applications and Services". Scenarios in which log files are generated:

  • Performing compatibility tests for specific applications to identify compatibility issues with the Windows operating system.
  • Analyzing reports of application crashes and creating detailed logs to determine the root cause of the problem.
  • Gathering information about system configurations, software installations and other factors that may affect application compatibility.
  • Troubleshooting compatibility issues with older applications or software that is not fully compatible with newer versions of Windows.

This is also the explanation why I found different causes for the generated log files. And it doesn't look like you can control anything – the developer has sovereignty over whether log files are generated or not.

In another answer cited below from a AI bot, it says that the temporary mat-debug-####.log files are generated by various Microsoft applications and services under Windows 10.

Similar articles
Windows temp folder flooded with Aria-debug-xxx.log files
Windows 10/11: Edge fills up the Temp folder with Edge_BITS_xxx files
Windows Temp folder flooded with "computer name-yyyMMdd-hhmm.log" files
Windows: Login to client in a domain extremely slow because of TEMP files

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , , , . Bookmark the permalink.

5 Responses to Windows 10: What generates masses of mat-debug*.log files?

  1. Anonymous says:

    Explanation from llama-2-70b-chat model:
    The mat-debug*.log files in Windows 10 are generated by the Microsoft Application Management (MAM) service, which is responsible for managing and monitoring applications on the system. The MAM service uses various log files to record events and debug information related to application management, including the mat-debug*.log files.

    The following are some common causes that can generate the mat-debug*.log files in Windows 10:

    1. Application installations or updates: When an application is installed or updated, the MAM service may create a new log file or append to an existing one to record the event and any relevant details.

    2. Application crashes or errors: If an application crashes or encounters an error, the MAM service may create a log file entry to record the issue and provide debugging information.

    3. System events: The MAM service may also create log file entries in response to system events such as software updates, system restarts, or changes in application settings.

    4. User interactions: User interactions with applications, such as clicking on a button or navigating between screens, can also generate log file entries as part of normal application usage tracking.

    5. Debugging purposes: Developers and IT professionals may intentionally create log files during debugging sessions to diagnose issues with applications running on Windows 10 systems. In this case, they would manually generate these logs while investigating specific issues within their codebase by using tools like Visual Studio Code's Debugger extension which allows them access at different levels (Source Level/Machine Level) depending on what type of project it is (e..g., web apps). This allows them greater insight into how things work underneath hood so that problems can be fixed quickly efficiently without causing too much disruption end users who rely upon these services every day!).

  2. Anonymous says:

    Explanation from GPT-3.5-turbo LLM:

    The mat-debug*.log files in Windows 10 are generated by the Microsoft Application Compatibility Toolkit (MAT) when it is used to diagnose and troubleshoot compatibility issues with applications running on the Windows operating system. These log files contain information about the compatibility tests performed by MAT and any issues or errors encountered during the process. Some common causes that generate these log files include:

    1. Running compatibility tests on specific applications to determine compatibility issues with the Windows operating system.
    2. Analyzing application crash reports and generating detailed logs to identify the root cause of the issue.
    3. Collecting information about system configurations, software installations, and other factors that may impact application compatibility.
    4. Troubleshooting compatibility issues with legacy applications or software that may not be fully compatible with newer versions of Windows.

    Overall, the mat-debug*.log files are generated as part of the troubleshooting process to help diagnose and resolve compatibility issues with applications running on Windows 10.

  3. Anonymous says:

    Explanation from

    The mat-debug-####.log files are temporary log files generated by various Microsoft applications and services on Windows 10. The most common causes are:

    1. Microsoft Office applications like Excel, Word, etc. These applications create mat-debug logs during their normal operation, likely for debugging purposes.

    2. OneDrive sync issues or incorrect OneDrive setup can trigger the creation of mat-debug logs as well as aria-debug logs.

    3. Issues with certain Windows components like COM Server applications can also lead to the generation of these log files.

    4. Driver issues, particularly with graphics drivers from NVIDIA or AMD, have been reported to cause mat-debug logs.

    5. Windows Updates may sometimes be responsible for the sudden appearance of these log files, although the exact cause is unclear.

    While the log files themselves are generally harmless, their constant generation can clutter the temp folder and be an annoyance. To resolve this issue, the recommended steps are:

    1. Uninstall and reinstall the latest graphics drivers if you suspect a driver issue.

    2. Reset or reinstall OneDrive if you face syncing problems.

    3. Repair or reinstall Microsoft Office if Office apps seem to be the culprit.

    4. Change permissions for problematic COM Server applications in the registry as outlined in some solutions.

    5. Boot into Safe Mode and clear the temp folder to remove any residual logs.

  4. Advertising

  5. Just call me Flyer says:

    Thanks for bringing this to your site. Not sure if this is any help. In my case the search app has a critical error in the Event Log. But that's because I disable search, because it's an app. But going on the assuption that an app, (or a developer's app) could be causing the mat-debug file to be created, that gives no answer or reason for Microsoft Defender to lock the file. And there lays my concern. The mat-debug file is empty, zip, nada nothing in text. I also noticed aother file, ( is also created with 2 lines:
    The file name and numbers seem to change on the next restart after closing the handle of the mat-debug file and delete it. They seem to stay the same if I don't close the handle and restart.
    I thought they might be registry entrys, but after a search of the registry, no results were found.
    So, as concerning as it seems to me, hopefully an update fixes this issue. I'll spare you my real opinion, but Thank you again for bringing this to your site.

Leave a Reply

Your email address will not be published. Required fields are marked *