Windows issues following Core Agent 2.7.6 and Intercept X 2.0.17 update. See KBA 135504 for more information.
This article explains how to setup your computer so that a Complete memory dump file will be created if the computer crashes. It also provides advice on how to compress the file for submission to Sophos Technical Support and generating a checksum of the file.
A complete memory dump is one of three possible computer memory dumps. For more information on types of memory dumps see the Technical Information section at the bottom of this article.
Applies to the following Sophos products and versions
Not product specific
Windows 7 and above
The instructions below explain the basic steps for enabling a complete memory dump on a Windows 7 and above computer. The instructions are similar for other Windows operating systems.
Note: If you are attempting to generate a complete memory dump on computer running a server operating system read the following Microsoft article before continuing: How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2.
The computer will now write the entire contents of the computer's RAM to a dump file if a system crash occurs.
If the Complete memory dump option is missing from the drop down menu follow the steps below to enable it.
Warning: The steps below involve editing the Windows registry. Read the registry warning in article How to edit Windows registry if you are unfamiliar with the registry editor and/or do not have a recent backup.
The Complete memory dump option is now enabled and can be selected from the System Properties menu as described in the section Configuring a computer for a Complete memory dump above.
A complete memory dump can generate a large file and therefore it is recommended that the file is compressed (for example, zipped up) before transferring from the source computer and/or submitting to Sophos Technical Support.
As uploading and downloading large files can result in data corruption we recommend (once the file is compressed) you checksum the file and forward the checksum value to us with the file.
If you provide us with the checksum of the file we can immediately determine if the file we are analyzing is the same as the original file on your computer's hard drive. For more information on generating a checksum for a file see article How to generate an MD5 checksum.
There are three types of 'memory dump' that a computer can produce:
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.