By default, Windows Vista SP1/Windows 2008 and newer operating systems generate summary application crash data through Windows Error Reporting. Use these steps to configure Windows Vista Service Pack 1/Windows 2008 and newer computers to generate full application memory dumps when applications terminate unexpectedly.

For Windows Server 2008 and Windows Vista (SP1) and newer, follow these steps as per this Microsoft Article: https://docs.microsoft.com/en-us/windows/desktop/wer/collecting-user-mode-dumps

Configure dump settings for all applications

1. Open the following registry key in the registry editor:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
2. Create the following values under this key:

   Name	Type	Value
   DumpFolder	String Value	Full path to an existing folder on the system drive
   DumpCount	32-bit DWORD	4 (decimal)
   DumpType	32-bit DWORD	2 (decimal)

Configure dump settings for specific applications

Note: Specifying dump settings for specific applications will override the global application dump settings.

1. Create a registry key with the same name as the executable you wish to gather dumps from in the following location:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Local Dumps\
   (For example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApplication.exe)
2. Create the following values under this new (specific application) key:

   Name	Type	Value
   DumpFolder	String Value	Full path to an existing folder on the system drive
   DumpCount	32-bit DWORD	4 (decimal)
   DumpType	32-bit DWORD	2 (decimal)

Reproduce the problem

Recreate the fault and provide these items to Symantec Support:

• The crash dump files generated (these files will be located in the folder specified in the DumpFolder value set above)
• A SymDiag.sdbz data from the machine if available.