Troubleshooting Kernel Panics, System Crashes or Blue Screen of Death (BSOD) Issues

Article ID: 286040

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps for troubleshooting kernel panics, system crashes or blue screen of death (BSOD) type issues.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Linux: All Supported Versions
  • Apple macOS: All Supported Versions

Resolution

Initial Troubleshooting

  1. Verify the impacted machine is:
  2. Verify the Agent Exclusions are present in any installed third-party security applications (e.g. antivirus, firewall, real-time scanner, vulnerability scanner, etc.).

 

If the issue persists

Collect the following items & details before opening a case with Support

  1. Full OS version and build
  2. Agent version being used
  3. List of any/all other security software installed
  4. Confirmation of whether the issue can be recreated or not, and if so how
  5. All logs for the relevant platform from below

Windows:

  1. Export a copy of the Event Viewer Logs.
  2. Complete Memory Dump
  3. Agent Historical Logs

Linux:

  1. Use Terminal to collect and zip the crash dump files that are written by default to: /var/crash and /var/log
    sudo tar cvfz /var/tmp/$HOSTNAME-CrashLogs.tgz /var/crash
    sudo tar cvfz /var/tmp/$HOSTNAME-SystemLogs.tgz /var/log
  2. If the vmcore files are missing, please verify that the Kdump service is active using steps in this KB
  3. Check if the default path for writing crash logs has been modified in the config file: /etc/kdump.conf
  4. Collect the Agent Historical Logs:
    cd /opt/bit9/bin
    sudo ./b9cli --capture /var/tmp/$HOSTNAME-AgentLogs.tgz
  5. Output of the kernel version:
    uname -r
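
The Linux steps above combined into one script, as an added example that is not part of the original article or the vendor's tooling: it reads the dump directory from /etc/kdump.conf rather than assuming /var/crash, and reports when no vmcore is present. The function names, the `--collect` flag, the RHEL-style `kdump` service name and the `vmcore` file name are assumptions; the paths and `b9cli` command come from the steps above.

```shell
#!/bin/sh
# Added example, not vendor code. Run as root so the dump directory is readable.

# Print the directory kdump saves vmcores to: the last uncommented `path`
# directive in the given kdump.conf, or /var/crash when none is set.
# Caveat: if kdump.conf names a separate dump target, `path` is relative to it.
kdump_path() {
    conf="${1:-/etc/kdump.conf}"
    p=""
    if [ -r "$conf" ]; then
        p=$(awk '$1 == "path" && NF >= 2 { v = $2 } END { print v }' "$conf")
    fi
    printf '%s\n' "${p:-/var/crash}"
}

# Count files named exactly `vmcore` under a directory (0 if it is absent).
count_vmcores() {
    dir="$1"
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f -name vmcore 2>/dev/null | wc -l | tr -d ' '
}

# Steps 1-5: archive crash dumps, system logs and agent logs, record the kernel.
collect_linux_crash_data() {
    out="${1:-/var/tmp}"
    host="${HOSTNAME:-$(hostname)}"
    dump_dir=$(kdump_path /etc/kdump.conf)
    if [ "$(count_vmcores "$dump_dir")" -eq 0 ]; then
        # Assumed service name `kdump`; it differs on some distributions.
        state=$(systemctl is-active kdump 2>/dev/null || true)
        echo "No vmcore under $dump_dir (kdump service: ${state:-unknown})" >&2
    fi
    sudo tar cvfz "$out/$host-CrashLogs.tgz" "$dump_dir"
    sudo tar cvfz "$out/$host-SystemLogs.tgz" /var/log
    (cd /opt/bit9/bin && sudo ./b9cli --capture "$out/$host-AgentLogs.tgz")
    uname -r > "$out/$host-kernel.txt"
}

# Nothing is collected unless the script is invoked with --collect [outdir].
if [ "${1:-}" = "--collect" ]; then
    collect_linux_crash_data "${2:-/var/tmp}"
fi
```
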

macOS:

  1. Use Terminal to collect the System Logs:
    system_profiler -detailLevel full > ~/Desktop/`hostname`-sysinfo.txt
    tar -cvf ~/Desktop/`hostname`-DiagnosticReports.tar /Library/Logs/DiagnosticReports
  2. Use Terminal to collect the Agent Historical Logs:
    cd /Applications/Bit9/Tools
    ./b9cli --capture ~/Desktop/`hostname`-AgentLogs.zip