How to collect application crash dumps from Windows 2008 Server and newer

Article ID: 162548

Products

Endpoint Protection

Issue/Introduction

Overview:
What happened to Dr. Watson in Windows 2008? Dr. Watson was replaced by Problem Reports and Solutions / Windows Error Reporting.

Troubleshooting:
During troubleshooting, it might be necessary to analyze why a particular Symantec process has produced an Application Fault or crashed.

When an application produces a fault on Windows 2008 and newer, the default Windows settings do not produce a .dmp file. You need to configure the OS to produce and store .dmp files.

Resolution

Solution:
For Windows 2008 and newer, follow these steps, as described in this Microsoft article: msdn.microsoft.com/en-us/library/bb787181(VS.85).aspx
 
1. Launch Regedit
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
3. Create a new key called LocalDumps
4. Select LocalDumps and create three new entries:
     A. DumpFolder, of type REG_EXPAND_SZ: set it to the path of an existing folder where you want the crash dump files to appear when an event occurs.
     B. DumpCount, of type REG_DWORD: set it to decimal 10.
     C. DumpType, of type REG_DWORD: set it to decimal 2.
 
NOTE: No reboot is required to activate these keys.
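
The steps above as a PowerShell script, added here as an example and not part of the original article; C:\CrashDumps is an assumed folder path. It also reads the values back and lists the folder's ACL, because DumpType 2 writes a full dump of the crashed process's memory.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumed path, not from the article; use the folder you want dumps written to.
    [string]$DumpFolder = 'C:\CrashDumps'
)

$werKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
$dumpsKey = Join-Path $werKey 'LocalDumps'

# The article asks for an existing folder, so create it if it is missing.
if (-not (Test-Path -LiteralPath $DumpFolder -PathType Container)) {
    New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null
}

# Step 3: create the LocalDumps key under Windows Error Reporting.
if (-not (Test-Path -LiteralPath $dumpsKey)) {
    New-Item -Path $dumpsKey -Force | Out-Null
}

# Step 4: the three values, with the types and data given in the article.
$settings = @(
    @{ Name = 'DumpFolder'; Type = 'ExpandString'; Value = $DumpFolder },
    @{ Name = 'DumpCount';  Type = 'DWord';        Value = 10 },
    @{ Name = 'DumpType';   Type = 'DWord';        Value = 2 }
)
foreach ($s in $settings) {
    New-ItemProperty -Path $dumpsKey -Name $s.Name -PropertyType $s.Type `
        -Value $s.Value -Force | Out-Null
}

# Read each value back and fail loudly if the type or data is not what was set.
$key = Get-Item -LiteralPath $dumpsKey
foreach ($s in $settings) {
    $kind  = $key.GetValueKind($s.Name)
    $value = $key.GetValue($s.Name, $null, 'DoNotExpandEnvironmentNames')
    if ($kind -ne $s.Type -or $value -ne $s.Value) {
        throw "LocalDumps\$($s.Name) is $kind '$value', expected $($s.Type) '$($s.Value)'"
    }
    '{0,-10} {1,-12} {2}' -f $s.Name, $kind, $value
}

# Full dumps hold the process's memory contents; review who can read the folder.
(Get-Acl -LiteralPath $DumpFolder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Run it from an elevated PowerShell session; once the dump has been collected, the LocalDumps key can be removed to stop further full dumps from being written.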