Endpoint Protection


Gathering PROCESS DUMP for advanced SEP troubleshooting with environmental issues 

May 14, 2009 03:35 PM

Gathering a process dump for advanced SEP troubleshooting helps us compare, identify and isolate specific environmental issues with SEP processes.


Download and install Debugging Tools for Windows from:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx

The installed components for “Debugging Tools for Windows” would look similar to the attached screenshot, where the default install location is E:\Program Files\Debugging Tools for Windows (x86)



There are two common methods to start log collection using the files in Debugging Tools for Windows:
  1. adplus.vbs
  2. windbg.exe
We should create dumps with “adplus.vbs”, since it is much easier to deal with; “adplus.vbs” is generally used to generate user dumps only.
Example: "adplus.vbs -hang -pn rtvscan.exe"


CLI Parameters for “adplus.vbs”
  1. -hang (FULL) creates a snapshot (full dump) of the process right now. It really has nothing to do with the process hanging; it got its name because the most common usage for these snapshots is to debug hangs.
  2. -crash (MINI) attaches cdb.exe to the process in invasive mode and leaves it attached until either you close the debugger (generating a ctrl-c event), or until the process crashes or gets an interrupt (breakpoint). Whilst attached, it creates mini dumps for all access violation exceptions, and logs all other exceptions that it has set up in a log file. If the process crashes, it generates a full dump when it exits.
  3. -pn specifies what process you want to attach to, by process name.
  4. -p specifies what process you want to attach to, by process ID.


This would help us compare, identify and isolate specific environmental issues with SEP processes.
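
The collection step above as a PowerShell script (an added example, not part of the original article or any Symantec tooling). It uses the article's install path and rtvscan.exe, and assumes a hypothetical output folder C:\SEPDumps, an elevated prompt and PowerShell 4 or later for Get-FileHash; -o and -quiet are adplus.vbs options not covered in the parameter list above.

```powershell
# Added example: take a full ("-hang") user dump of a SEP process with adplus.vbs.
# Assumptions: $OutDir is a hypothetical folder; run from an elevated prompt.
param(
    [string]$DebugTools  = 'E:\Program Files\Debugging Tools for Windows (x86)', # path from the article
    [string]$ProcessName = 'rtvscan.exe',                                       # process from the article
    [string]$OutDir      = 'C:\SEPDumps'                                        # assumed output folder
)
$ErrorActionPreference = 'Stop'

$adplus = Join-Path $DebugTools 'adplus.vbs'
if (-not (Test-Path -LiteralPath $adplus)) { throw "adplus.vbs not found in $DebugTools" }

# -pn attaches by process name, so confirm the process is running first.
# Get-Process expects the name without the .exe extension.
$baseName = [IO.Path]::GetFileNameWithoutExtension($ProcessName)
$procs = @(Get-Process -Name $baseName -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) { throw "$ProcessName is not running" }

# A full dump holds the entire memory of the process, so restrict the folder to
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) before anything is written.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
& icacls.exe $OutDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# Run adplus.vbs under cscript: -o sets the output directory, -quiet suppresses dialogs.
& cscript.exe //nologo $adplus -hang -pn $ProcessName -o $OutDir -quiet

# adplus.vbs writes each run into its own subfolder; fail if no dump was produced.
$dumps = @(Get-ChildItem -Path $OutDir -Recurse -Filter *.dmp)
if ($dumps.Count -eq 0) { throw "No .dmp files were written under $OutDir" }

# Hash each dump so the copy handed over for analysis can be checked against the original.
$dumps | Get-FileHash -Algorithm SHA256 | Select-Object Hash, Path
```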


Comments

Sep 29, 2010 01:20 AM

Dear,

I want to do a lab in SEP and SNAC.

Please send the Symantec link.

Thanks

Shiva yadav

Sep 28, 2010 04:47 AM

good information
