Endpoint Standard: How to Use ProcDump to Gather Application / Service Crash Logs
Article ID: 290711
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Gather logs for crashing Applications or Services.
Environment
- Endpoint Standard (formerly CB Defense sensor): All Supported Versions
- Microsoft Windows: All Supported Versions
- Applications or Services crash with Sensor installed and active
Resolution
- Download ProcDump tool via https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
- Open a Command Prompt window with Administrator access
- Navigate to the folder you have saved ProcDump in
- Execute the command "procdump -ma -i" to set procdump.exe as the Default Debugger on the Device
- Recreate the issue that caused the application / service to crash previously
- The logs will be generated in the same directory as procdump.exe is executed from
- Upload logs to the CB Vault
Additional Information
Any additional error messages generated by the application / service during the crash should be captured with screen shots as they may be helpful. Please include the time they occurred as this will be helpful in log review.
Feedback
Yes
No
Powered by
