
EDR: Live Response Memdump Zip File is Corrupt

Environment

  • EDR Sensor: All Supported
  • Windows: All Supported

Symptoms

The compressed memory dump (zip) file produced by the Live Response memdump command is corrupt.

Cause

In some cases, a third-party security product is monitoring the working directory of the memdump command.

Resolution

Adding an exclusion for the working directory in the third-party security product resolves the corruption issue.
For example, for the following command:

     C:\Windows\CarbonBlack> memdump C:\Windows\Temp\memdump.dmp

an exclusion for the "C:\Windows\Temp" directory is needed.
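
To confirm that a retrieved archive is affected, and to verify a fresh dump after the exclusion is in place, the zip can be tested offline before it is handed to analysis tooling. The Python check below is an added example, not part of the original article or of the EDR product; the function names, status strings and the sample archive are constructed for illustration.

```python
import io
import zipfile
import zlib

CHUNK = 1024 * 1024  # read size; keeps a multi-gigabyte dump out of memory


def check_dump_archive(source):
    """Return 'ok', 'unreadable' or 'corrupt-member:<name>' for a memdump zip.

    source is a file path or a seekable binary file object.
    """
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                try:
                    # Reading a member to its end makes zipfile verify its CRC-32.
                    with zf.open(info) as member:
                        while member.read(CHUNK):
                            pass
                except (zipfile.BadZipFile, zlib.error, EOFError):
                    return "corrupt-member:" + info.filename
    except zipfile.BadZipFile:
        # No usable central directory: typical of a file that was cut short
        # or overwritten while it was being written.
        return "unreadable"
    return "ok"


def build_sample_archive():
    """Constructed sample standing in for the real memdump archive."""
    info = zipfile.ZipInfo("memdump.dmp", date_time=(2023, 12, 6, 0, 0, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Stored uncompressed so that damaging one byte is deterministic.
        zf.writestr(info, bytes(range(256)) * 64, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Pass the path of a downloaded archive; with no argument the sample is used.
    target = sys.argv[1] if len(sys.argv) > 1 else io.BytesIO(build_sample_archive())
    print(check_dump_archive(target))
```

A result other than `ok` on a dump taken after the exclusion was added indicates that the working directory is still being interfered with or that the transfer itself was incomplete.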


Creation Date: 12-06-2023