Collecting Memory Dumps to Debug Driver Conflicts with Forcepoint Endpoint
- Article Number: 000005227
- Products: Forcepoint DLP Endpoint, Forcepoint One Endpoint, Forcepoint Web Security Cloud, Forcepoint Web Security Endpoint, Forcepoint Web Security Endpoint Cloud, Web Security Gateway Anywhere
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 20, 19, 18
- Last Published Date: September 14, 2020
Notes & Warnings
If it is preferable to decouple the application binaries completely from being monitored by the Endpoint, please refer to the Advanced Tab documentation for instructions.
Take care to roll back registry changes after the memory dump is collected.
The information in this article recommends editing the registry. Before proceeding, back up the registry, and be sure you understand how to restore the registry if a problem occurs. Refer to the Microsoft Knowledge Base for information on backing up, restoring, and editing the registry.
Forcepoint provides information on how to edit the Windows registry as a convenience to its customers, but does not support Windows in any way and will not be responsible for any problems that may arise from such editing.
WARNING: Using Registry Editor incorrectly may cause serious problems that could require you to reinstall the operating system. Use Registry Editor at your own risk.
The Forcepoint Endpoint Client can encounter driver conflicts with other client-side applications. Symptoms include application crashes, hangs, and degraded overall system performance. In these situations, it is helpful to collect a full memory dump by initiating a BSoD (Blue Screen of Death) on the client machine.
A common log entry pertaining to driver errors is the following within DebugDump.txt:
[DataSecurityEngine]: fail to create QIP
The resulting memory dump can be provided to Engineering for review.
Option 1 - NotMyFault Tool
If you can access the machine to reproduce the issue on demand, you can use the Microsoft Sysinternals NotMyFault tool to take kernel or complete crash dumps. To do this, follow these steps:
Note: This will generate a memory dump file and a "Stop D1" error.
Option 2 - Registry Modification
The following will take a "Full User-Mode Dump", which usually contains more information.
Option 3 - CrashDumpEnabled
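Added example, not part of the Forcepoint article and not Forcepoint's procedure: PowerShell functions that apply the backup and rollback warnings above to a change of the CrashDumpEnabled value. Assumptions: the value sits under the standard Windows CrashControl key, with 1 = complete dump and 2 = kernel dump as Microsoft documents; the function names and the state-file path are hypothetical.

```powershell
# Added example, not Forcepoint's procedure. Run from an elevated session.
# Assumption: the standard Windows CrashControl key documented by Microsoft.
$Key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$RegPath = 'HKLM\SYSTEM\CurrentControlSet\Control\CrashControl'
$State   = Join-Path $env:ProgramData 'crashcontrol-rollback.json'  # hypothetical path

function Get-CrashDumpEnabled {
    # Returns $null when the value does not exist.
    (Get-ItemProperty -Path $Key -Name CrashDumpEnabled -ErrorAction SilentlyContinue).CrashDumpEnabled
}

function Set-CrashDumpForCollection {               # hypothetical name
    param([ValidateSet(1, 2)][int]$DumpType = 1)    # 1 = complete, 2 = kernel
    if (Test-Path $State) { throw "Pending rollback in $State; run Undo-CrashDumpChange first." }
    # Back up the whole key to a .reg file that 'reg.exe import' can restore.
    $regFile = [IO.Path]::ChangeExtension($State, '.reg')
    & reg.exe export $RegPath $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }
    # Record the previous value before touching it.
    @{ Previous = (Get-CrashDumpEnabled) } | ConvertTo-Json | Set-Content -Path $State
    Set-ItemProperty -Path $Key -Name CrashDumpEnabled -Value $DumpType -Type DWord
}

function Undo-CrashDumpChange {                     # hypothetical name
    if (-not (Test-Path $State)) { throw "No rollback record at $State." }
    $saved = Get-Content -Path $State -Raw | ConvertFrom-Json
    if ($null -eq $saved.Previous) {
        # The value did not exist before the change, so remove it again.
        Remove-ItemProperty -Path $Key -Name CrashDumpEnabled -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $Key -Name CrashDumpEnabled -Value ([int]$saved.Previous) -Type DWord
    }
    # Confirm the rollback before discarding the record.
    $now = Get-CrashDumpEnabled
    if ($now -ne $saved.Previous) { throw "Rollback not confirmed: CrashDumpEnabled is '$now'." }
    Remove-Item -Path $State
    "CrashDumpEnabled restored to '$now'"
}
```

Call Set-CrashDumpForCollection before reproducing the issue and Undo-CrashDumpChange once the dump has been collected; the exported .reg file stays beside the state file as a full backup of the key.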
For additional information and options, please refer to the following Microsoft article:
Generate a kernel or complete crash dump
Keywords: DLP Data Security Endpoint; Forcepoint One Endpoint; Memory Dump; Crash Dump; Application Compatibility Issue; Outlook Crash; Blue Screen of Death; Driver Issue; Antivirus; Monitoring Software; System Instability