The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article explains how to setup your computer so that a 'Complete memory dump' file will be created if the computer crashes. It also provides advice on how to compress the file for submission to Sophos Technical Support and generating a checksum of the file.
A complete memory dump is one of three possible computer memory dumps. For more information on types of memory dumps see the Technical Information section at the bottom of this article.
Applies to the following Sophos product(s) and version(s)
Not product specific
The instructions below explain the basic steps for enabling a complete memory dump on a Windows 7 computer. The instructions are similar for other Windows operating systems.
Note: If you are attempting to generate a complete memory dump on computer running a server operating system read the following Microsoft article before continuing: How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2.
The computer will now write the entire contents of the computer's RAM to a dump file if a system crash occurs.
If the 'Complete memory dump' option is missing from the drop down menu follow the steps below to enable it.
Warning: The steps below involve editing the Windows registry. Read the registry warning in article 10388 if you are unfamiliar with the registry editor and/or do not have a recent backup.
The 'Complete memory dump' option is now enabled and can be selected from the System Properties menu as described in the section Configuring a computer for a 'Complete memory dump' above.
A complete memory dump can generate a large file and therefore it is recommended that the file is compressed (e.g., 'zipped up') before transferring from the source computer and/or submitting to Sophos Technical Support.
If you require further information and instructions for compressing the dump file see article 117369.
As uploading and downloading large files can result in data corruption we recommend (once the file is compressed) you checksum the file and forward the checksum value to us with the file.
If you provide us with the checksum of the file we can immediately determine if the file we are analyzing is the same as the original file on your computer's hard drive. For more information on generating a checksum for a file see article 27373.
There are three types of 'memory dump' that a computer can produce:
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.