
Cb Response: Memdump Fails When Device Guard Is Enabled

By Charles Thompson posted Aug 31, 2018 11:00 PM

  

Environment

  • Cb Response Agent 6.1.4 or later
  • Microsoft Windows 10

Symptoms

  • Running memdump during a Live Response session in Cb Response fails with the error:

Error getting memdump: Remote error HRESULT 0x80070001

Cause

Running memdump while Device Guard is enabled could cause a BSOD, so a change was made so that memdump fails with an error instead.

Resolution

  • Use the Live Response put functionality to move a utility other than memdump to the endpoint, and use that utility to capture the memory dump.
  • A possible fix is still under investigation.

Additional Notes

Device Guard is the combination of Windows Defender Application Control and Virtualization-based security (Windows 10) |…
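
To confirm that an endpoint returning this error has Device Guard enabled, its state can be read from the Windows Win32_DeviceGuard CIM class. The PowerShell below is an added example, not part of the original article or of Cb Response. Treating any active component (VBS, a code integrity policy, or a running security service) as "Device Guard enabled" is an assumption, since the article does not say which component triggers the failure.

```powershell
# Added example (not from the article): read Device Guard state on the local endpoint.
$ns = 'root\Microsoft\Windows\DeviceGuard'
try {
    $dg = Get-CimInstance -Namespace $ns -ClassName Win32_DeviceGuard -ErrorAction Stop
} catch {
    # The class is absent on editions/builds without Device Guard support.
    Write-Warning "Win32_DeviceGuard query failed: $($_.Exception.Message)"
    return
}

# Value meanings as documented by Microsoft for Win32_DeviceGuard.
$vbsText = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
$ciText  = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
$svcText = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }

# CIM returns UInt32; cast to Int32 so the hashtable keys match.
$vbs = [int]$dg.VirtualizationBasedSecurityStatus
$ci  = [int]$dg.CodeIntegrityPolicyEnforcementStatus
$running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } | ForEach-Object {
    $id = [int]$_
    if ($svcText.ContainsKey($id)) { $svcText[$id] } else { "Service id $id" }
})

# Assumption: any active component counts as "Device Guard enabled".
$enabled = ($vbs -ne 0) -or ($ci -ne 0) -or ($running.Count -gt 0)

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    VbsStatus           = $vbsText[$vbs]
    CodeIntegrityPolicy = $ciText[$ci]
    ServicesRunning     = ($running -join ', ')
    DeviceGuardEnabled  = $enabled
}
```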

CB-19330


#EDR