Environment

• Carbon Black Cloud Console: All Versions
• Microsoft Windows: All Supported Versions

Objective

Resolution

1. Identify the Device ID/Name
2. Enable UMDH Logging
3. Put the sensor in Unprotected Mode.
4. Collect User dump
   1. Download procdump.exe from https://live.sysinternals.com/
   2. Create a folder “c:\umdhdumps” and copy procdump.exe to the folder.
   3. Open CMD/DOS Window in Local Admin account and navigate to c:\umdhdumps
   4. repcli bypass 1 (Note: use CMD/DOS Window that is in C:\Program Files\Confer).
   5. run “procdump -ma RepMgr-PID” to create first user dump file of repmgr.exe in folder c:\umdhdumps.
   6. repcli bypass 0 (Note: use CMD/DOS Window that is in C:\Program Files\Confer).
   7. Use task manager to monitor the repmgr memory growth and we will collect two more user dumps at two different memory usage levels. 
   8. Example Scenario, repmgr memory usage 80-90% the endpoint experiences performance issue. Soon as we restart the service collect 1st dump to provide us a baseline. Second sample we will capture at 50% of memory usage and the third one at 75% usage following the steps below.
      1. repcli bypass 1 (Note: use CMD/DOS Window that is in C:\Program Files\Confer).
      2. run “procdump -ma RepMgr-PID” to create first user dump file of repmgr.exe in folder c:\umdhdumps.
      3. repcli bypass 0 (Note: use CMD/DOS Window that is in C:\Program Files\Confer).
   9. Zip up the 3 sets of user dumps (Start, 50% and 75%) in c:\umdhdumps for postmortem analysis.
5. Collect Sensor Logs Locally 
6. Rollback settings after collecting all 3 dump files
   1. repcli bypass 0 (Note: use CMD/DOS Window that is in C:\Program Files\Confer).
   2. Delete registry Key defined in UMDH Logging
   3. Re-Enable Protected Mode in the additional notes section of Unprotected Mode KB.
7. Create a Support Case including the UMDH and Sensor Logs. 

Related Content