Endpoint Standard: "CrashDumpEnabled" Registry Configuration Changes on System Restart

Article ID: 290893


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  1. The value of HKLM\System\CurrentControlSet\Control\CrashControl\CrashDumpEnabled is forcibly changed back to "1" after a restart when it has been modified to "7".
  2. If "Write debugging information" is changed in the Backup and Recover advanced settings, a Windows reboot always reverts that setting to "Complete Memory Dump".

Environment

  • Endpoint Standard: All supported versions
  • Microsoft Windows: All supported versions

Cause

This behaviour is the default, so that if a crash occurs a dump is saved for diagnostic purposes.

Resolution

  • This setting can be disabled in 2 ways:
    • At the time of install, by specifying AUTO_CONFIG_MEM_DUMP=0 on the msiexec command line
    • Post-install:
      1. Put the sensor into Bypass mode
      2. Edit the C:\Program Files\Confer\cfg.ini file
      3. Add the following:
         ConfigureMemoryDumpSettings=0
      4. Reboot the endpoint
      5. Take the sensor out of Bypass mode

 

Additional Information

The following setting must also be enabled in the Windows operating system, as described in the related KB: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Pagefile-grows-when-3-4-0-1097-or-higher/ta-p/88627
  1. Go to Advanced System Settings > Advanced > Startup & Recovery > Settings > Write Debug Info
  2. Set the value to "Automatic" > Save
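
To confirm after the reboot that the change persisted, the following read-only PowerShell check reports the current CrashDumpEnabled value and whether cfg.ini carries ConfigureMemoryDumpSettings=0. It is an added example, not Carbon Black tooling: the registry key, file path and setting name are taken from this article, while the function name Get-MemDumpState and the value-to-name table (the standard Windows meanings of CrashDumpEnabled) are assumptions of the example.

```powershell
# Added example: read-only check, run from an elevated PowerShell session.
# Key, path and setting name come from this article; other names are illustrative.
$CrashControlKey = 'HKLM:\System\CurrentControlSet\Control\CrashControl'
$SensorCfg       = 'C:\Program Files\Confer\cfg.ini'

# Standard Windows meanings of the CrashDumpEnabled DWORD.
$DumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}

function Get-MemDumpState {
    param(
        [string]$RegistryKey = $CrashControlKey,
        [string]$CfgPath     = $SensorCfg
    )

    $value = (Get-ItemProperty -Path $RegistryKey -Name CrashDumpEnabled -ErrorAction Stop).CrashDumpEnabled
    $type  = if ($DumpTypes.ContainsKey([int]$value)) { $DumpTypes[[int]$value] } else { 'Unknown' }

    # If the setting appears more than once in cfg.ini, report the last occurrence.
    $cfgValue = $null
    if (Test-Path -LiteralPath $CfgPath) {
        $hit = Select-String -LiteralPath $CfgPath -Pattern '^\s*ConfigureMemoryDumpSettings\s*=\s*(\S+)' |
               Select-Object -Last 1
        if ($hit) { $cfgValue = $hit.Matches[0].Groups[1].Value }
    }

    [pscustomobject]@{
        CrashDumpEnabled            = $value
        DumpType                    = $type
        ConfigureMemoryDumpSettings = $cfgValue
        CfgOverridePresent          = ($cfgValue -eq '0')
    }
}

$state = Get-MemDumpState
$state | Format-List

if ($state.CrashDumpEnabled -eq 1 -and -not $state.CfgOverridePresent) {
    Write-Warning ('CrashDumpEnabled is 1 and cfg.ini has no ConfigureMemoryDumpSettings=0 line; ' +
                   'unless AUTO_CONFIG_MEM_DUMP=0 was used at install, the sensor default still applies.')
}
```

Running it before and after a restart shows whether a value of 7 is being kept or reverted to 1.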