How To Use Task Manager to Create a Dump File of a Running Process
Article ID: 291287
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Create a memory dump of a running process using Task Manager
Environment
- Microsoft Windows: Windows Vista and higher
- Microsoft Windows: Server 2008 and higher
Resolution
- Open Windows Task Manager
- If the application in question is 32-bit, open taskmgr.exe from the directory C:\Windows\SysWOW64
- Select the Processes tab
- Right-click the desired process
- Select Create Dump File
- Wait until a notification is presented for successful creation of the dump file
- A dialogue will appear with the location of the saved dump file
- After the file is created, go to the folder specified in the Dumping Process dialog in Windows Explorer to access the dump (.dmp) file
- Please compress the .dmp file and follow this to send it to support if needed
Additional Information
When uploading these files, please verify the time they were gathered and note the Sensor status in case Support has questions about if it was in Bypass or normal operation mode.
Feedback
Yes
No
Powered by
