Gathering A Complete/ Full Memory Dump
Article ID: 286452
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
To configure and gather a Complete Memory Dump
Environment
- All Products
- Microsoft Windows: All Supported Versions
Resolution
Step 1: Configure Complete Memory Dump
A Kernel and Small memory dumps are generally not verbose enough to find root cause.
- Open Control Panel > System and Security > System > Advanced System Settings
- Alternatively: Run > SystemPropertiesAdvanced
- Choose the Advanced tab > Startup and Recovery > Settings and verify:
- Write debugging information: Complete Memory Dump.
- Dump file: Path specified exists and has enough free space.
- Select OK to set, then Apply in the System Properties page
Optional (If requested by support): Enable system crashes to be initiated via keyboard input
This is generally useful for instances when a machine is not necessarily crashing (BSOD), but is locked up.
- Backup the Windows registry
- Edit the registry as per the Microsoft article: Forcing a system crash from the keyboard
- Reboot
Step 2: Gather the .dmp file
- Either wait for the for the system to crash or (if instructed by support) force the system crash.
- Gather the .dmp file from the location specified in section "Step 1: Configure Complete Memory Dump"
Feedback
Yes
No
Powered by
