CB Response: LiveResponse memdump "compress" parameter does not work with Windows endpoints

Article ID: 288124

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Using the "compress": "true" parameter while issuing a memdump command in CB LiveResponse fails
  • Error similar to:
[{"status": "error", "username": "<username>", "sensor_id": <XXX>, "object": "c:\\path\\filename.dmp", "create_time": <date>, "id": 1, "completion": <date>, "name": "filename", "session_id": <XXX>, "result_desc": "'true' has type <type 'str'>, but expected one of: (<type 'bool'>, <type 'int'>)", "result_type": "CbError", "result_code": 1}]

 

Environment

  • CB Response 6.x
  • Microsoft Windows: All Supported Versions

Cause

There is a known issue with the "compress" parameter on Windows endpoints. Currently, this functionality is only available for Linux endpoints. 

Resolution

No workarounds are available for Windows endpoints at this time. 

Additional Information

Memdumps can still be generated for Windows endpoints, but they cannot be compressed.