Creating a process memory dump retrieval task
You can get a process memory dump file from the selected Kaspersky Endpoint Agent for Windows hosts. To do so, you must create a process memory dump retrieval task.
To create a process memory dump retrieval task:
- Select the Tasks section in the program web interface window.
This opens the task table.
- Click the Add button and select Process memory dump in the Get data drop-down list.
This opens the task creation window.
- Configure the following settings:
- Process ID is the ID of the process for which you want to get a memory dump.
- MD5/SHA256 is the MD5 or SHA256 hash of the file of the process of which you want to get a memory dump. This field is optional.
- Description—Task description. This field is optional.
- Hostis the name or IP address of the host to which you want to assign the task.
You can specify only one host.
The process memory dump task can only be assigned to hosts with Kaspersky Endpoint Agent for Windows version 3.13 or later.
- Click Add.
The process memory dump retrieval task is created. The task runs automatically after it is created.
The task creates a ZIP archive in Storage, which contains a file with information about the process and a process memory dump file. You can download the archive to your local computer.
If the task results in an error, the archive file contains the description of the error.
If you are using the distributed solution and multitenancy mode, the archive is placed in Storage of the Central Node server to which the host specified in the Host field is connected.
Users with the Security auditor role cannot create this task.
Users with the Security officer role do not have access to tasks.