How to collect a memory dump to aid in troubleshooting high memory issues caused by the sensor

• EDR Sensor: All Versions
• Microsoft Windows: All Supported Versions

1. Set the system to full memory dump collection 
2. High Memory but Download Notmyfault from Microsoft Sysinternal Tools and extract to a local folder
   • If the system is freezing due to high memory consumption, please follow Creating a Windows Crashdump Via Keyboard
3. Capture the following information during high memory consumption
   • Process Memory Dump
     1. Open task manager
     2. Find cb.exe under the process tab
     3. Right click cb.exe and select Create dump file 
   • Full system memory dump (Note: This will force create a BSOD that creates a memory dump)
     1. Open cmd
     2. At the command line, type NotMyFault64.exe /crash then press enter
     3. Note: for x86 systems, use NotMyFault.exe
4. Zip the C:\Windows\MEMORY.dmp file
5. Collect the sensor diagnostics
6. Upload the Compressed Memory dump and Sensor Diags to support

• It's important to collect these during the high points of memory consumption in order to get an accurate reading of the root case
• Full memory dump is required to get root cause, a minidump will only provide a small amount of info that may not result in getting resolution