Carbon Black Cloud: What type of memory dump is generated in a Live Response session?

Article ID: 292197

Products

  • Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

What type of memory dump is generated in a Live Response session?

Environment

  • Endpoint Standard Sensor 3.5.0.1523 and higher
  • Microsoft Windows: All Supported Versions

Resolution

The memory dump generated in a Live Response session is a quickly collected kernel memory dump. It also includes user space if kernel debugging is enabled.

For example, the command below will create a dump in c:\temp:

memdump c:\temp\kernel.dmp

Additional Information

If a full memory dump is required, follow the instructions here. Please note that a reboot will be required.