Kaspersky Embedded Systems Security 3.x

Enabling and disabling dump file creation. KAVSHELL DUMP

October 25, 2023

ID 146721

You can use the KAVSHELL DUMP command to enable or disable creation of snapshots (dump files) of Kaspersky Embedded Systems Security for Windows processes if they terminate abnormally (see the following table). Additionally, you can create a dump file of running Kaspersky Embedded Systems Security for Windows processes at any time.

To create a dump file successfully, the KAVSHELL DUMP command must be executed under the local system account (SYSTEM).

Kaspersky Embedded Systems Security for Windows writes information to trace files and the dump file in unencrypted form.

The KAVSHELL DUMP command can not be used for x64 processes.

KAVSHELL DUMP command syntax

KAVSHELL DUMP </ON /F:<folder with the dump file>|/SNAPSHOT /F:< folder with the dump file> / P:<pid> | /OFF>

KAVSHELL DUMP command-line parameters/options

Key

Description

/ON

Enables creation of a dump file if a process terminates abnormally.

/F:<path to folder with dump files>

This is a mandatory parameter. It specifies the path to the folder where the dump file will be saved. Paths to folders on the network drives of other unprotected devices are not allowed.

System environment variables can be used when specifying the path to the folder for the dump file; user environment variables are not allowed.

/SNAPSHOT

Takes a snapshot of the memory of the running process with the specified PID and saves the dump file in the folder specified by the /F parameter.

/P

The process identifier (PID) is displayed in the Microsoft Windows Task Manager.

/OFF

Disables the creation of a dump file if a process terminates abnormally.

Return codes for the KAVSHELL DUMP command.

KAVSHELL DUMP command example

To enable creation of a dump file; saving the dump file to the "C:\Dump Folder" folder, execute the command:

KAVSHELL DUMP /ON /F:"C:\Dump Folder"

To make a dump for the process with ID 1234 in the "C:/Dumps" folder, execute the command:

KAVSHELL DUMP /SNAPSHOT /F:C:\dumps /P:1234

To disable creation of dump files, execute the command:

KAVSHELL DUMP /OFF

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.