You can get a memory dump file from selected Kaspersky Endpoint Agent for Windows hosts. To do so, you must create a process memory dump retrieval task.
To create a process memory dump retrieval task:
This opens the task table.
This opens the task creation window.
You can specify only one host.
The process memory dump task can only be assigned to hosts with Kaspersky Endpoint Agent for Windows version 3.13 or later.
The process memory dump retrieval task is created. The task runs automatically after it is created.
The task creates a ZIP archive in Storage, which contains a file with information about the process and a process memory dump file. You can download the archive to your local computer.
If the task results in an error, the archive file contains the description of the error.
If you are using the distributed solution and multitenancy mode, the archive is placed in Storage of the Central Node server to which the host specified in the Host field is connected.
Users with the Security auditor role cannot create this task.
Users with the Security officer role do not have access to tasks.