App Control: How to collect Agent User Dump Files using DebugDiag
Article ID: 286910
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
How to collect user dumps for an agent that is crashing randomly, using Microsoft's DebugDiag tool.
Environment
- App Control Agent: All Versions
- Microsoft Windows Desktop: 7, 8, 8.1, 10
- Microsoft Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Resolution
- Disable the Agent Tamper Protection
- Install DebugDiag
- Start DebugDiag and start a new rule
- Select Crash > A Specific Process > Select or Type in: Parity.exe
- Click Next (do not check the 'This process instance only' box)
- On the Advanced Configuration page:
  - Action type for unconfigured first chance exceptions: Full Userdump
  - Action Limit for unconfigured first chance exceptions: 10
  - Maximum Number of Userdumps created by this rule: 10
- Name the rule and note the location where the saved files will be output
- Activate the rule now > Finish
  - If an "Error while attaching to process" message is displayed, then the agent's Tamper Protection (TP) is still active
- Wait until the Userdump Count shows 1 or more dumps
- Upload all userdump files to your case for review
Additional Information
- For Windows 7 and Server 2008, please download update 2.2
- If the crash does not occur on a predictable schedule, you can leave DebugDiag running in the background. Unless closed, it will continue to monitor for a crash.
- If a dump file is still not generated after the process exits, then a crash may not be occurring. Instead, a process exit may be occurring.