
Application or Operating System crashes

This article explains how to proceed when the OS or an application crashes on the endpoints.

 

❗This article applies only to Safetica hosted on-premises.

 


Requirements

Safetica Maintenance Console
  • In Safetica ONE – Named Safetica Management Console and available to administrators by default.
  • In new Safetica – Renamed to Safetica Maintenance Console. Available upon manual installation from here.

Review exceptions for Safetica in your other security solutions: How to set up exceptions for Safetica Client in your antivirus

 



OS crashes:

OS crashes can be quite sporadic and unpredictable. In our experience, the majority of them are caused at the network level by outdated network adapter drivers. Review the drivers first, and if the OS crash occurs again, proceed with log collection.

  1. Begin by checking the memory dump level in the following Windows settings:
  2. In the Control Panel, select [System and Security] > [System].
    Select [Advanced system settings], and then select the [Advanced] tab.
  3. In the Startup and Recovery area, select [Settings].
  4. Under "Writing Debugging Information", select the "Complete memory dump" option.
  5. Restart the computer.
  6. Wait for the crash to happen.
  7. Collect the memory dump from the default path “C:\Windows” or the path you've previously set up (marked with the yellow arrow).
  8. Compress the memory dump into an archive and upload it to our upload server https://upload.safetica.com. Do not forget to fill in the ticket ID so the logs are assigned to the correct ticket.

Application crashes:

If an application crashes, we first need to isolate the source of the issue and then get logs and dumps of the affected application process.

Isolating the source of the issue:

First, review the following article, which will help you isolate the source of the conflict between the application and Safetica.

How to isolate the source of the issue

Log collection:

  1. In the Safetica Maintenance Console, right-click on the affected endpoint and select [Enable Active Management – 1 hour]. Wait until the endpoint icon turns green.
  2. To get a dump of the crashing application process, use the ProcDump tool as described in the next steps. You can find it at this path: C:\Program Files\Safetica\Tools\procdump.exe. More information: ProcDump - Sysinternals | Microsoft Learn
  3. Run CMD as administrator.
  4. Create a folder for dumps, for example “C:\Dumps”.
  5. Execute commands:
    1. cd C:\Program Files\Safetica\Tools\
    2. procdump.exe -ma -i c:\Dumps
  6. ProcDump is now registered as the postmortem debugger. Keep the CMD window open.
  7. Reproduce the crash; please do this several times.
  8. Check that the dumps are created after the crash of the application.
    1. If the dumps are created, unregister ProcDump as the postmortem debugger by executing the command: procdump.exe -u
  9. In the Safetica Maintenance Console > Maintenance > Information collection, set up a new collection task, leave the preset configuration and finish the wizard while selecting your tested workstation in the process.
  10. Download the generated log files and attach the affected image file. Upload everything to upload.safetica.com along with the information about the date and time of the test.
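
The following PowerShell checks are an added example, not part of the original Safetica article or tooling. They read back the memory dump setting from the OS crash steps and show whether ProcDump is still registered as the postmortem debugger, using the standard Windows CrashControl and AeDebug registry keys; C:\Dumps is the example folder from the steps above and the function names are illustrative.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
# Function names are illustrative; C:\Dumps is the example folder from the steps above.
$DumpFolder = 'C:\Dumps'

# CrashDumpEnabled values as written by the Startup and Recovery dialog.
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }

function Get-CrashDumpConfig {
    $cc    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $type  = $dumpTypes[[int]$cc.CrashDumpEnabled]
    # Value 1 combined with FilterPages = 1 is the "Active memory dump" variant.
    if ($cc.CrashDumpEnabled -eq 1 -and $cc.FilterPages -eq 1) { $type = 'Active' }
    $drive = Split-Path $cc.DumpFile -Qualifier
    $disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
    $ram   = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory
    [pscustomobject]@{
        DumpType    = $type
        DumpFile    = $cc.DumpFile
        RamGB       = [math]::Round($ram / 1GB, 1)
        FreeGB      = [math]::Round($disk.FreeSpace / 1GB, 1)
        # A complete dump is roughly the size of physical memory.
        EnoughSpace = $disk.FreeSpace -gt $ram
    }
}

function Get-PostmortemDebugger {
    # procdump -i writes the Debugger value here; the WOW6432Node key covers 32-bit apps.
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug' |
        Where-Object { Test-Path $_ } |
        ForEach-Object {
            $dbg = (Get-ItemProperty $_).Debugger
            [pscustomobject]@{ Key = $_; Debugger = $dbg; IsProcDump = [bool]($dbg -match 'procdump') }
        }
}

function Get-CollectedDumps([string]$Path) {
    # Full (-ma) dumps contain the whole process memory; list them so none are left behind.
    if (Test-Path $Path) {
        Get-ChildItem $Path -Filter *.dmp | Sort-Object LastWriteTime |
            Select-Object Name, LastWriteTime, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } }
    }
}

Get-CrashDumpConfig              | Format-List
Get-PostmortemDebugger           | Format-Table -AutoSize
Get-CollectedDumps $DumpFolder   | Format-Table -AutoSize
```

Run it after changing the dump setting and again after procdump.exe -u; in the second run IsProcDump is expected to be False for every key.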