Creating a RAM dump retrieval task

You can retrieve a RAM dump from a selected host with the Endpoint Agent component. To do so, you must create a memory dump retrieval task.

The resulting file can be saved only to a shared network resource.

To create a memory dump retrieval task:

Select the Tasks section in the application web interface window.
This opens the task table.
Click the Add button and select Memory dump in the Get data drop-down list.
This opens the task creation window.
Configure the following settings:
1. Share path—path to a shared network resource.
  You need to specify the path in the Universal Naming Convention (UNC) format: \\server\share\path.
  
  If the last folder with the specified name is absent, Kaspersky Endpoint Agent will create one. If creation is unsuccessful, an error will be displayed in the web interface of Kaspersky Anti Targeted Attack Platform.
2. User name—user name of the account used to access the shared network resource.
3. Password—password of the account used to access the shared network resource.
4. Description is the task description. This field is optional.
5. Host—the IP address or name of the host to which you want to assign the task.
Click Add.

The RAM dump retrieval task is created. The task runs automatically after it is created.

As a result, the application places a RAW file or an archive that contains a RAW file on the shared network resource.

If you are using Kaspersky Endpoint Agent in the role of the Endpoint Agent component, the task can be assigned only to hosts running Kaspersky Endpoint Agent for Windows version 3.14 and later.

Users with the Security auditor role cannot create tasks.

Users with the Security officer role do not have access to tasks.