The dumps that are gathered from a prevention event include files in use during the time of the prevention and a memory snapshot (.dmp). The .dmp file can be viewed with programs such as WinDbg. Palo Alto Traps support has been trained on how to review and analyze these dumps and can review any dump you submit to them. You can always open a case through the Palo Alto support portal and submit the dump for review. Should they find the prevention to be a false positive, they can offer a solution for you.