Gathering A Complete/ Full Memory Dump


Article ID: 286452




  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)


To configure and gather a Complete Memory Dump


  • All Products
  • Microsoft Windows: All Supported Versions


Step 1: Configure Complete Memory Dump

Kernel and Small memory dumps are generally not verbose enough to find the root cause.

  1. Open Control Panel > System and Security > System > Advanced System Settings
    • Alternatively: Run > SystemPropertiesAdvanced
  2. Choose the Advanced tab > Startup and Recovery > Settings and verify:
    • Write debugging information: Complete Memory Dump.
    • Dump file: Path specified exists and has enough free space.
  3. Select OK to set, then Apply in the System Properties page
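
A read-only PowerShell check of the Step 1 settings, added here as an example and not part of the original article. It reads the CrashControl registry key behind the Startup and Recovery dialog and assumes a complete dump needs roughly as much free space as the installed RAM.

```powershell
# Added example: read-only verification of the Step 1 settings. Nothing is modified.
# Run in an elevated PowerShell session on the affected machine.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic.
# CrashDumpEnabled = 1 combined with FilterPages = 1 is "Active memory dump",
# which is not the Complete Memory Dump this article asks for.
$isComplete = ($cc.CrashDumpEnabled -eq 1) -and ($cc.FilterPages -ne 1)

# DumpFile is stored as REG_EXPAND_SZ (for example %SystemRoot%\MEMORY.DMP).
$dumpFile  = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)
$dumpDir   = Split-Path -Path $dumpFile -Parent
$dirExists = Test-Path -LiteralPath $dumpDir -PathType Container

# Assumption: size the dump as approximately the physical memory Windows reports.
$ramBytes  = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory

# Free space on the volume that holds the dump file.
$freeBytes = $null
if ($dirExists) {
    $root      = [System.IO.Path]::GetPathRoot($dumpFile)
    $freeBytes = (New-Object System.IO.DriveInfo $root).AvailableFreeSpace
}

$freeGB = $null
if ($null -ne $freeBytes) { $freeGB = [math]::Round($freeBytes / 1GB, 1) }

# One object summarising each item the article asks you to verify.
[pscustomobject]@{
    CompleteDumpConfigured = $isComplete
    DumpFile               = $dumpFile
    DumpFolderExists       = $dirExists
    InstalledRamGB         = [math]::Round($ramBytes / 1GB, 1)
    FreeSpaceGB            = $freeGB
    EnoughFreeSpace        = ($null -ne $freeBytes) -and ($freeBytes -gt $ramBytes)
}
```

Any property that reports False points to the item in Step 1 that still needs correcting before the next crash.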

Optional (If requested by support): Enable system crashes to be initiated via keyboard input

This is generally useful for instances when a machine is not necessarily crashing (BSOD), but is locked up.

  1. Back up the Windows registry
  2. Edit the registry as per the Microsoft article: Forcing a system crash from the keyboard
  3. Reboot

Step 2: Gather the .dmp file

  1. Either wait for the system to crash or (if instructed by support) force the system crash.
  2. Gather the .dmp file from the location specified in section "Step 1: Configure Complete Memory Dump".