search cancel

How to collect application crash dumps from Windows 2008 Server and newer


Article ID: 162548


Updated On:


Endpoint Protection


What happened to Dr. Watson in Windows 2008?  Dr. Watson was replaced with Problem Reports and Solutions / Windows Error Reporting.

During the course of troubleshooting, it might be necessary to analyze why a particular Symantec process has performed an Application Fault or crashed.

When an application produces a fault within Windows 2008 and newer, a .dmp file is not produced with the default Windows settings.  You will need to configure the OS to produce and store .dmp files.


For Windows 2008 and newer, follow these steps as per this Microsoft Article:
1. Launch Regedit
2. Navigate into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
3. Create a new Key called LocalDumps
4. Select LocalDumps and create three new entries:
     A. DumpFolder of type REG_EXPAND_SZ    give it a path value of an existing folder where you want the crash dump files to appear when an event occurs.
     B. DumpCount of type REG_DWORD   give it a value of decimal 10
     C. DumpType of type REG_DWORD   give it a value of decimal 2
NOTE: No reboot is required to activate these keys.