Carbon Black Cloud: Steps To Enable Full Dump For BSOD
Carbon Black Cloud Sensor
Microsoft Windows: All Supported Versions
How To Enable Full Memory Dump
* Full Memory Dump Instructions *
Copy the following text into Notepad and save the file with a ".reg" extension.
Windows Registry Editor Version 5.00
;* Configures the system to save a complete memory dump upon bug check.
;* Note: You will also need to ensure that the page file on C: is larger than the amount of installed RAM.
;* Configures the system to manually crash by holding down the right Ctrl key and pressing the Scroll Lock key twice
Back up the Windows registry
Import the above .reg file by double-clicking it and accepting when prompted for confirmation
Navigate to the paths above in the registry to confirm the values were successfully imported
Ensure the pagefile is larger than the amount of installed RAM, normally by at least 300 MB (System Properties → System → Change Settings → Advanced → Performance → Advanced → Virtual Memory/Change)
Reboot the machine
Full memory dump will be generated should the machine present a blue screen of death (BSOD)
To force the BSOD upon system hang: while the machine is in the hung state, hold down the "Control" key and, while holding it, press the "Scroll Lock" key twice. A full memory dump should be generated at %SystemRoot%\memory.dmp (typically c:\windows\memory.dmp)
Collect the .dmp file, compress it as .zip and kindly upload it to the case
From the same machine, after rebooting, run an elevated command prompt (right click cmd.exe and run as admin) and run:
sc control cbdefense 128
"c:\program files\confer\repcli.exe" capture
In C:\WINDOWS\TEMP\cb-temp\, rename the resulting file (psc_sensor.zip) by prepending the hostname to it, and please also upload it to the case
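
The page-file prerequisite from the steps above can be checked from PowerShell before rebooting. This is an added example, not part of the original Carbon Black article: the 300 MB margin comes from the page-file step, the free-space check assumes the dump lands on C: and is roughly the size of installed RAM, and all variable names are illustrative.

```powershell
# Added example (not from the original article): page-file check for a complete memory dump.
# Run from an elevated PowerShell prompt on the affected machine.
$marginMB = 300   # margin stated in the page-file step of the article

$cs         = Get-CimInstance -ClassName Win32_ComputerSystem
$ramMB      = [math]::Ceiling($cs.TotalPhysicalMemory / 1MB)
$requiredMB = $ramMB + $marginMB

# The article expects the page file on C:. AllocatedBaseSize is reported in MB.
$pageFiles = @(Get-CimInstance -ClassName Win32_PageFileUsage |
    Where-Object { $_.Name -like 'C:\*' })
$allocatedMB = 0
foreach ($pf in $pageFiles) { $allocatedMB += $pf.AllocatedBaseSize }

# Assumption: memory.dmp is written to the C: volume and is roughly the size of RAM.
$disk   = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='C:'"
$freeMB = [math]::Floor($disk.FreeSpace / 1MB)

$result = [pscustomobject]@{
    InstalledRamMB      = $ramMB
    RequiredPageFileMB  = $requiredMB
    PageFileOnC_MB      = $allocatedMB
    SystemManaged       = [bool]$cs.AutomaticManagedPagefile
    PageFileLargeEnough = ($allocatedMB -ge $requiredMB)
    FreeSpaceOnC_MB     = $freeMB
    RoomForDump         = ($freeMB -ge $ramMB)
}
$result | Format-List

if ($pageFiles.Count -eq 0) {
    Write-Warning "No page file found on C:. A complete memory dump cannot be written."
}
elseif (-not $result.PageFileLargeEnough) {
    Write-Warning "Page file on C: is $allocatedMB MB; at least $requiredMB MB is needed."
}
if ($result.SystemManaged) {
    # A system-managed page file can be resized by Windows, so the value above may change.
    Write-Warning "Page file is system-managed; set a fixed size via Virtual Memory/Change."
}
if (-not $result.RoomForDump) {
    Write-Warning "Only $freeMB MB free on C:; the dump needs roughly $ramMB MB."
}
```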