Process dump details

The Process Dump Results details provide the status of the process dump. This page also provides endpoint activity recorder information about all of the events (not limited to process events) for a process with the backing SHA2 hash, for the duration of the recording. See Retrieving endpoint activity recorder information.
  • Summary: provides the following information:
    • STARTED BY
      The user who initiated the process dump.
    • DATE
      The date and time (in UTC) at which the process dump was initiated.
    • ID
      The unique identifier for the process dump.
  • Actions:
    Only users with the Admin role or Controller role can perform actions. Actions that are not permitted based on your role appear in the EDR appliance console as inactive. You can view the status of your actions on the Search > Endpoint tab.
  • Cancel:
    Cancels the dump operation. This action only appears if the process dump is still in progress.
  • Results:
    The results of the process dump appear in the Events Summary view. See:
EDR cancels any inactive dump commands that do not return new results 3 days after they are initiated.