Enabling and disabling dump file creation. KAVSHELL DUMP
3 August 2023
ID 146721
You can use the KAVSHELL DUMP
command to enable or disable creation of snapshots (dump files) of Kaspersky Industrial CyberSecurity for Nodes processes if they terminate abnormally (see the following table). Additionally, you can create a dump file of running Kaspersky Industrial CyberSecurity for Nodes processes at any time.
To create a dump file successfully, the KAVSHELL DUMP
command must be executed under the local system account (SYSTEM).
Kaspersky Industrial CyberSecurity for Nodes writes information to trace files and the dump file in unencrypted form.
The KAVSHELL DUMP command can not be used for x64 processes.
KAVSHELL DUMP command syntax
KAVSHELL DUMP </ON /F:<folder with the dump file>|/SNAPSHOT /F:< folder with the dump file> / P:<pid> | /OFF>
KAVSHELL DUMP command-line parameters/options
Key | Description |
---|---|
/ON | Enables creation of a dump file if a process terminates abnormally. |
/F:<path to folder with dump files> | This is a mandatory parameter. It specifies the path to the folder where the dump file will be saved. Paths to folders on the network drives of other unprotected computers are not allowed. System environment variables can be used when specifying the path to the folder for the dump file; user environment variables are not allowed. |
/SNAPSHOT | Takes a snapshot of the memory of the running process with the specified PID and saves the dump file in the folder specified by the /F parameter. |
/P | The process identifier (PID) is displayed in the Microsoft Windows Task Manager. |
/OFF | Disables the creation of a dump file if a process terminates abnormally. |
Return codes for the KAVSHELL DUMP command.
KAVSHELL DUMP command example
To enable creation of a dump file; saving the dump file to the "C:\Dump Folder" folder, execute the command:
KAVSHELL DUMP /ON /F:"C:\Dump Folder"
To make a dump for the process with ID 1234 in the "C:/Dumps" folder, execute the command:
KAVSHELL DUMP /SNAPSHOT /F:C:\dumps /P:1234
To disable creation of dump files, execute the command:
KAVSHELL DUMP /OFF