06-06-2018 02:32 PM
I've created a task to perform a full memory dump on a specific machine. The task results in a massive list of "dump" files in .zip format spread across several minutes. I have no idea what to do with these files or how to glean information from them. I would love to see a video of someone performing analysis on an event using a memory dump that was manually requested.
06-07-2018 05:59 AM
The dumps that are gathered from a prevention event include files in use during the time of the prevention, and a memory snapshot (.dmp). The dmp file can be viewed with programs such as windbg. Palo Alto Traps support has been trained on how to review and analyze these dumps, and can review any dump you submit to them. You can always open a case through the Palo Alto support portal, and submit the dump for review. Should they find the prevention to be a false positive, they can offer a solution for you.
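As an added triage step (example code, not from this thread or from Palo Alto Traps): a small Python script that opens each prevention-event zip, checks which members are genuine minidumps by their header signature, and lists the capture time and stream types, so you can pick which .dmp to open in WinDbg. The zip layout and member names are constructed here; the header fields follow the documented MINIDUMP_HEADER layout.

```python
import io
import struct
import zipfile
from datetime import datetime, timezone

# MINIDUMP_HEADER: signature "MDMP", version, stream count, stream directory RVA,
# checksum, time stamp, flags (little-endian, 32 bytes total).
MDMP_HEADER = struct.Struct("<4sIIIIIQ")
MDMP_DIR_ENTRY = struct.Struct("<III")  # StreamType, DataSize, Rva
STREAM_NAMES = {3: "ThreadList", 4: "ModuleList", 5: "MemoryList",
                6: "Exception", 7: "SystemInfo", 9: "Memory64List"}

def parse_minidump_header(data):
    """Return (capture time, [stream names]) for a minidump blob, or None if it is not one."""
    if len(data) < MDMP_HEADER.size:
        return None
    sig, version, nstreams, dir_rva, _chk, stamp, _flags = MDMP_HEADER.unpack_from(data)
    # Low 16 bits of the version field are always 0xA793 in a real minidump.
    if sig != b"MDMP" or (version & 0xFFFF) != 0xA793:
        return None
    streams = []
    for i in range(nstreams):
        off = dir_rva + i * MDMP_DIR_ENTRY.size
        if off + MDMP_DIR_ENTRY.size > len(data):
            break  # truncated directory: report what is readable
        stype, _size, _rva = MDMP_DIR_ENTRY.unpack_from(data, off)
        streams.append(STREAM_NAMES.get(stype, f"type{stype}"))
    return datetime.fromtimestamp(stamp, tz=timezone.utc), streams

def triage_zip(zip_bytes):
    """Inventory one prevention-event zip: which members are real minidumps and what they hold."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            is_dmp = name.lower().endswith(".dmp")
            report[name] = parse_minidump_header(zf.read(name)) if is_dmp else None
    return report

def build_sample_zip():
    """Constructed sample: one minimal valid minidump plus one non-dump file, zipped in memory."""
    directory = b"".join(MDMP_DIR_ENTRY.pack(t, 0, 0) for t in (7, 4, 6))
    header = MDMP_HEADER.pack(b"MDMP", 0xA793, 3, MDMP_HEADER.size, 0, 1528300000, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("evidence/sample.dmp", header + directory)
        zf.writestr("evidence/in_use.txt", b"not a dump")
    return buf.getvalue()
```

Run `triage_zip` over each downloaded zip; members reported with an Exception stream are the ones worth loading in WinDbg first.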