App Control: How to collect Agent User Dump Files using DebugDiag

Article ID: 286910

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to collect user dumps for an agent that is crashing randomly, using Microsoft's DebugDiag tool

Environment

  • App Control Agent: All Versions
  • Microsoft Windows Desktop: 7, 8, 8.1, 10
  • Microsoft Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2016, 2019

Resolution

  1. Disable the Agent Tamper Protection
  2. Install DebugDiag
  3. Start DebugDiag and start a new rule
  4. Select Crash > A Specific Process > Select or Type in: Parity.exe
  5. Click Next (Do Not check the 'This process instance only' box)
  6. On the Advanced Configuration page:
    • Action type for unconfigured first chance exceptions: Full Userdump
    • Action Limit for unconfigured first chance exceptions: 10
    • Maximum Number of Userdumps created by this rule: 10
  7. Name the rule and note the location where the saved files will be output
  8. Activate the rule now > Finish
    • If an "Error while attaching to process" message is displayed, then the agent's Tamper Protection (TP) is still active
  9. Wait until Userdump Count shows 1 or more dumps
  10. Upload all userdump files to your case for review

Additional Information

  • For Windows 7 and Server 2008, please download update 2.2
  • If the crash does not happen on a predictable schedule, you can leave DebugDiag running in the background. Unless closed, it will continue to monitor for a crash.
  • If a dump file is still not generated after the process exits, then a crash may not be occurring. Instead, a process exit may be occurring.