This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
How do I work with memory dumps in Traps?
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Cloud Delivered Security Services
- Endpoint (Traps) Discussions
- How do I work with memory dumps in Traps?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
How do I work with memory dumps in Traps?
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-06-2018 02:32 PM
I've created a task to perform a full memory dump on a specific machine. The task results in a massive list of "dump" files in .zip format spread across several minutes. I have no idea what to do with these files or how to glean information from them. I would love to see a video of someone performing analysis on an event using a memory dump that was manually requested.
1 REPLY 1
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-07-2018 05:59 AM
The dumps that are gathered from a prevention event include files in use during the time of the prevention, and a memory snapshot (.dmp). The dmp file can be viewed with programs such as windbg. Palo Alto Traps support has been trained on how to review and analyze these dumps, and can review any dump you submit to them. You can always open a case through the Palo Alto support portal, and submit the dump for review. Should they find the prevention to be a false positive, they can offer a solution for you.
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks