Enabling and disabling dump file creation. KAVSHELL DUMP
October 25, 2023
You can use the
KAVSHELL DUMP command to enable or disable creation of snapshots (dump files) of Kaspersky Embedded Systems Security for Windows processes if they terminate abnormally (see the following table). Additionally, you can create a dump file of running Kaspersky Embedded Systems Security for Windows processes at any time.
To create a dump file successfully, the
KAVSHELL DUMP command must be executed under the local system account (SYSTEM).
Kaspersky Embedded Systems Security for Windows writes information to trace files and the dump file in unencrypted form.
The KAVSHELL DUMP command can not be used for x64 processes.
KAVSHELL DUMP command syntax
KAVSHELL DUMP </ON /F:<folder with the dump file>|/SNAPSHOT /F:< folder with the dump file> / P:<pid> | /OFF>
KAVSHELL DUMP command-line parameters/options
Enables creation of a dump file if a process terminates abnormally.
/F:<path to folder with dump files>
This is a mandatory parameter. It specifies the path to the folder where the dump file will be saved. Paths to folders on the network drives of other unprotected devices are not allowed.
System environment variables can be used when specifying the path to the folder for the dump file; user environment variables are not allowed.
Takes a snapshot of the memory of the running process with the specified PID and saves the dump file in the folder specified by the /F parameter.
The process identifier (PID) is displayed in the Microsoft Windows Task Manager.
Disables the creation of a dump file if a process terminates abnormally.
KAVSHELL DUMP command example
To enable creation of a dump file; saving the dump file to the "C:\Dump Folder" folder, execute the command:
KAVSHELL DUMP /ON /F:"C:\Dump Folder"
To make a dump for the process with ID 1234 in the "C:/Dumps" folder, execute the command:
KAVSHELL DUMP /SNAPSHOT /F:C:\dumps /P:1234
To disable creation of dump files, execute the command:
KAVSHELL DUMP /OFF