Generate Agent Dump Files Using Procdump

Article ID: 286237

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to create a memory dump file for the Agent using ProcDump.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: Vista and higher.
  • Microsoft Windows: Server 2008 and higher.
  • ProcDump: Any Version

Resolution

  1. Download ProcDump from Microsoft and extract it on the endpoint (e.g. C:\Dumps\).
  2. Use an administrative command prompt to temporarily disable Tamper Protection:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password <your global or CLI password without the breaks>
    dascli tamperprotect 0
  3. Configure ProcDump to monitor the Agent service for a crash:
    cd "C:\Dumps"
    procdump.exe -e -ma -w parity.exe
  4. Keep this window open at all times; if it is closed, ProcDump stops monitoring the Agent service.
  5. Recreate the issue.
  6. After parity.exe crashes, a dump should be generated in C:\Dumps\.
  7. Zip the dump and provide it to Support.
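
The steps above as a single script, added here as an example and not taken from the vendor's article. It assumes Windows PowerShell 5.1 or later and the paths used in the steps; the re-enable command `dascli tamperprotect 1` is not shown in the article and is included so that Tamper Protection is restored however the wait ends.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes Windows PowerShell 5.1+ and the paths used in the article.
$AgentDir = 'C:\Program Files (x86)\Bit9\Parity Agent'
$DumpDir  = 'C:\Dumps'
$dascli   = Join-Path $AgentDir 'dascli.exe'
$procdump = Join-Path $DumpDir 'procdump.exe'
foreach ($tool in $dascli, $procdump) {
    if (-not (Test-Path -LiteralPath $tool)) { throw "Missing required tool: $tool" }
}

# Prompt for the password so it is not saved in the script or echoed to the console.
$secure  = Read-Host -Prompt 'Global or CLI password' -AsSecureString
$plain   = (New-Object System.Net.NetworkCredential('', $secure)).Password
$started = Get-Date

Push-Location $DumpDir
try {
    & $dascli password $plain
    & $dascli tamperprotect 0
    # Step 3: blocks here until parity.exe crashes or the operator presses Ctrl+C.
    & $procdump -e -ma -w parity.exe
}
finally {
    Pop-Location
    # Authenticate again in case the CLI session lapsed during the wait (assumption),
    # then turn Tamper Protection back on.
    & $dascli password $plain
    & $dascli tamperprotect 1
    $plain = $null
}

# Only pick up dumps written during this run.
$dumps = Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' |
    Where-Object { $_.LastWriteTime -ge $started }
if (-not $dumps) { Write-Warning "No new dump found in $DumpDir"; return }

# A full dump (-ma) holds all process memory; record hashes before it leaves the host.
$dumps | Get-FileHash -Algorithm SHA256 | Format-List Path, Hash
$zip = Join-Path $DumpDir ("parity-dump-{0:yyyyMMdd-HHmmss}.zip" -f $started)
Compress-Archive -LiteralPath $dumps.FullName -DestinationPath $zip
Write-Output "Archive ready for Support: $zip"
```

Windows PowerShell 5.1's `Compress-Archive` cannot handle files larger than 2 GB; for a larger dump, zip it with another tool.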

Additional Information

ProcDump can be set as the Default Debugger with the following command in an administrative command prompt:

procdump -ma -i

Subsequent dumps will be generated in the same directory as ProcDump.