App Control: How to generate agent dump files using ProcDump
search cancel

App Control: How to generate agent dump files using ProcDump


Article ID: 286237


Updated On:


Carbon Black App Control (formerly Cb Protection)


To create a memory dump file for the App control Agent using ProcDump.


  • App Control Agent: All versions.
  • Microsoft Windows client: Vista and higher.
  • Microsoft  Windows Server :2008 and higher.
  • ProcDump: any version



  1. Logon into the affected end point.
  2. Download ProcDump from and unzip and place it in C:\Dumps
  3. Disable tamper protections from Assets —> Computers —> View machine details —> on the right hand side select ‘Disable Tamper Protection’ or by executing a CMD as admin in the affected end point and enter the below commands :
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password <your global or CLI password without the brakes>
    dascli tamperprotect 0
  4. Open an elevated command prompt and enter the following:
    cd "C:\Dumps"
    procdump.exe -e -ma -w parity.exe
  5. Leave this window open at all times, even if you logout from there machine, otherwise the ProcDump will stop running and it needs to be constantly monitoring until the issue is detected.
  6. Once the parity.exe crashes it should generated a dmp file in C:\Dumps, please zip this files and upload to the cb vault

Additional Information