
Cb Response: Memdump Fails When Device Guard Is Enabled

Environment

  • Cb Response Agent 6.1.4 or later
  • Microsoft Windows 10

Symptoms

  • Running memdump during a Live Response session in Cb Response fails with the error:

Error getting memdump: Remote error HRESULT 0x80070001

Cause

Running memdump while Device Guard is enabled could cause a BSOD, so a change was made to fail with an error instead.

Resolution

  • Use the Live Response put functionality to move a utility other than memdump to the endpoint and use it to capture the memory dump.
  • A possible fix is still under investigation.

Additional Notes

Device Guard is the combination of Windows Defender Application Control and Virtualization-based sec...
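
To confirm that an endpoint is in the configuration this article describes before running memdump, the following PowerShell queries Windows' built-in Win32_DeviceGuard CIM class for the two components named above. This is an added example, not from the original article or from Carbon Black; the function name Get-DeviceGuardState and the rule used to treat the endpoint as affected are assumptions.

```powershell
# Added example: report Device Guard state on the local Windows 10 endpoint.
# Reads the built-in Win32_DeviceGuard CIM class; run from an elevated prompt.
function Get-DeviceGuardState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # Value meanings for the Win32_DeviceGuard properties used below.
    $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
    $ciStatus  = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    $services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }

    # Translate the running security service ids into names (0 means none).
    $running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } | ForEach-Object {
        if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "Service id $_" }
    })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        VbsStatus           = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        CodeIntegrityPolicy = $ciStatus[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        ServicesRunning     = $running -join ', '
        # Assumption: treat the endpoint as affected when VBS is running
        # or a code integrity policy is enforced. The article does not say
        # which Device Guard component triggers the memdump failure.
        DeviceGuardActive   = ($dg.VirtualizationBasedSecurityStatus -eq 2) -or
                              ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
    }
}

try {
    $state = Get-DeviceGuardState
    $state | Format-List
    if ($state.DeviceGuardActive) {
        Write-Output 'Device Guard features are active: expect memdump to fail; stage another capture utility.'
    } else {
        Write-Output 'Device Guard features are not active on this endpoint.'
    }
} catch {
    # The class is absent on Windows editions without Device Guard support.
    Write-Output "Could not query Win32_DeviceGuard: $($_.Exception.Message)"
}
```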

CB-19330

Creation Date: 08-31-2018