Initiating a process dump
Process dump data consists of all of the recorded events that occurred on an endpoint relating to the processes that the requested file hash backs. A process dump obtains the endpoint activity recorder dump information for the file hash.
Follow these steps to perform a Process Dump on an endpoint.
- Log on to the Symantec Endpoint Security console and select the Investigate menu.
- Search for relevant events that you want to investigate further.
- From the Results grid, click the Actions menu.
- From the Actions menu, select Process Dump.