EDR: Live Response - Error Getting Memdump: Remote Error HRESULT 0x8000ffff

Environment

  • EDR Server: 5.1.1 and Higher

Symptoms

Error message seen when trying to create a memory dump through live response:
Error getting memdump: Remote error HRESULT 0x8000ffff

Cause

If the target folder does not exist on the endpoint, or no file name is specified, the memory dump will not be created.

Resolution

Specify the folder path and name of the file when running the memdump command.

Additional Notes

  • When the memdump command is run against a directory that is known to exist on the endpoint, a spinning icon acknowledges that the server has made the call and is waiting for the memory dump to be sent up. Once it is complete, the Live Response page will give a pop-up to download and save the file locally.
  • Live Response can be used to create a folder in a specific directory, using the "mkdir" command.
  • Memdumps cannot be created directly to a remote IP - they must be created locally on the endpoint with Live Response.

Article Information
Creation Date: 03-11-2019