Creating a RAM dump retrieval task

You can get a RAM dump file from selected Kaspersky Endpoint Agent for Windows host. To do so, you must create a memory dump retrieval task.

The resulting file can be saved only to a shared network resource.

To create a memory dump retrieval task:

1. Select the Tasks section in the program web interface window.

   This opens the task table.

2. Click the Add button and select Memory dump in the Get data drop-down list.

   This opens the task creation window.

3. Configure the following settings:
   1. Share path—path to a shared network resource.

      You need to specify the path in the Universal Naming Convention (UNC) format: \\server\share\path.

      If the last folder with the specified name is absent, Kaspersky Endpoint Agent will create one. If creation is unsuccessful, an error will be displayed in the web interface of Kaspersky Anti Targeted Attack Platform.

   2. User name—user name of the account used to access the shared network resource.
   3. Password—password of the account used to access the shared network resource.
   4. Description—Task description. This field is optional.
   5. Host—the IP address or name of the host to which you want to assign the task.
4. Click Add.

The RAM dump retrieval task is created. The task runs automatically after it is created.

The application places an archive containing a file or files in the EWF format to a shared network resource.

You can assign the task only to hosts with Kaspersky Endpoint Agent for Windows 3.14 or later.

Users with the Security auditor role cannot create tasks.

Users with the Security officer role do not have access to tasks.