Vitaly Kravtsov



This section is for application crash dumps and scenarios causing such crashes.


Please indicate the following when reporting a bug:


Subject: a brief description of the issue in the topic subject (topics with senseless subjects like “Impressions”, “a question” or “bug” will be deleted)

Test environment: name and version of the issuing operating system

Build number:

Scenario: a step-by-step guide on how to reproduce the issue

Actual Result:

Expected result: the expected result.




When testing, you can experience an antivirus failure or a “blue screen”. If the crashes happen unexpectedly, do not panic, try remembering all your last actions, maybe you were changing settings or installing some software. When describing a bug, try to remember when it appeared, what was going on before it appeared, and how you dealt with it.


Give a detailed description of the issue and attach an (un)installation or update trace file.

Do not forget to indicate the build number and operating system name, a GSI report attached is even better.


Once you submit a bug report, some additional data may be required.


Kaspersky Lab specialists may request the following:


1. KES dump file. Troubleshooting a crash or deadlock of KES requires a memory dump of the avp.exe process. This file contains all information about the application at the moment of crashing.


The application outputs a corresponding notification about the crash and the fact of generating a dump file.

Memory dump files have the .dmp extension and unique names: KAV.[Product_version]_[Creation_date]_[Creation_time]_[Random_symbols].[Dump_typ



How to generate a memory dump file if KES gets deadlocked:


Using the userdump utility:





Using WinDBG:

If you have Debugging Tools for Windows installed, you can get a dump of the deadlocked process by attaching to it via WinDBG and using the following command:

.dump -ma C:\KES.dmp


2. System memory dump. This file contains all information about the memory content and system status at the moment of crashing.


A full memory dump is required for finding the cause of a BSOD or a deadlock. Bug reports of this type are not accepted without dump files.


How to get a memory dump file if the system crashes (BSOD):


http://support.kaspersky.com/general/dumps - Windows XP, Windows 7, Vista, Windows 8



Swap file is crucial for generating a dump file. Do not disable the swap file and do not reduce its size below the amount of RAM. Otherwise the dump will be cut.

A full memory dump is required in case of an operating system deadlock. It can be enabled in systems with over 2GB RAM, having limited the amount of memory consumed via msconfig.


3. How to get a full system memory dump in case of a deadlock:


3.1 If the system is not completely locked, you can use a special utility that provokes a voluntary BSOD:

startbluescreen — http://www.nirsoft.net/utils/start_blue_screen.html

Enable dump generation and run the command as Administrator when the system crashes

StartBlueScreen.exe 0 0 0 0 0


The zeros here ("0 0 0 0 0") are a command line key required to avoid unintended execution of the utility. You can use any other figures instead of zeros; these will be displayed on the artificial BSOD as an error code.


3.2 If the system does not react to user commands, an artificial BSOD can be arranged via keyboard driver by pressing Ctrl-ScrollLock*2:


More detailed information (how to add a registry key, etc) here:



Once you have reproduced the situation and got a memory dump file, you should open the folder selected in the dump properties, find the MEMORY.DMP file, archive it (absolutely necessary) in .zip and upload to a file exchanger (KL ftp, for example). Once uploaded, you should announce its location and name to developers in the corresponding topic.


3.3 An alternative is to use Debugging Tools for Windows.


3.3.1 How to get a dump of a deadlock process


In Windows XP/Vista/7 (x86/x64). Download the utility: http://msdn.microsoft.com/en-us/windows/hardware/gg463009. Choose x86 or x64 according to your OS type and install it on the testing computer.

You should set windbg as the default debugger. Run cmd as Administrator, open the windbg folder (e.g. cd %programfiles%\Debugging Tools for Windows (x86)) and run windbg -I:


windbg.exe -I


A message will appear informing you that windbg has been successfully set as the default debugger. When the process deadlocks, run windbg (make a URL on Desktop beforehand) as Administrator and attach to the process (File - attach to process or F6). Then use the following command to generate a dump file:


.dump -ma C:\123.dmp


The command is ".dump -ma" (with a dot at the beginning); C:\123.dmp is the file path (it can be any name, but the folder has to exist already). WinDBG will report that a mini-dump has been generated successfully, although it will actually be a full dump because we used "-ma".


3.3.2 How to generate a dump of a crashed process

Since windbg is the default debugger (after running it with the -I key), it automatically reacts to a process crashing and displays its window. Then you should use the same command:

.dump -ma C:\procname.dmp


3.4. (Un)Installation trace file for debugging (un)installation issues. Once you have a trace file, you should archive it and attach it to your reply in the corresponding forum topic.

Here you can find a guide to generating (un)Installation trace files http://support.kaspersky.com/faq/?qid=193239284


3.5. Trace files generated when reproducing the issue – files containing a log of all activity of KES components. These may help the developers to pinpoint and eliminate the bug.


Trace generation controls:



3.6 GetSystemInfo (GSI) report. Disable KES Self-Defense function (Settings => Options => uncheck Self-Defense), generate a GSI report, and enable Self-Defense again. A GSI report should be ZIPped and attached to your reply in the corresponding topic. http://support.kaspersky.com/general/dumps/3632


3.7 Screenshot. Please do not use any third-party resources (like radikal), and attach screenshots directly to your reply in the topic. The forum supports this function.


Use the following file exchanger to submit the data to developers:

ftp://data14.kaspersky-labs.com/ — you will receive login and password via a Private Message on the forum.

You can use FileZilla ftp client or any other file manager (Far, TotalCommander) to upload files to ftp://data8.kaspersky-labs.com.
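
The dump prerequisites described in this post (a complete dump selected, a swap file not smaller than RAM, and the keyboard-initiated crash from section 3.2) can be verified before reproducing the issue. The read-only PowerShell check below is an added example, not part of the original post or a Kaspersky tool; it assumes PowerShell 3.0 or later and relies on the standard Windows CrashControl and CrashOnCtrlScroll registry values, which the post itself does not name.

```powershell
# Read-only pre-flight check: is this machine set up to write a full MEMORY.DMP?
# Added example; the "page file >= RAM" rule follows the post's advice.

$cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
$dumpType  = [int]$cc.CrashDumpEnabled
$typeName  = $dumpTypes[$dumpType]
if (-not $typeName) { $typeName = "Unknown ($dumpType)" }

# Installed RAM versus the page file on the system drive (both in MB)
$ramMB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pageFiles = Get-CimInstance Win32_PageFileUsage |
    Where-Object { $_.Name -like "$env:SystemDrive\*" }
$pfMB = 0
foreach ($f in $pageFiles) { $pfMB += $f.AllocatedBaseSize }

# Keyboard-initiated crash: i8042prt covers PS/2 keyboards, kbdhid covers USB
$kbd = foreach ($svc in 'i8042prt', 'kbdhid') {
    $p = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{ Driver = $svc; Enabled = ($p.CrashOnCtrlScroll -eq 1) }
}

$issues = @()
if ($dumpType -ne 1) {
    $issues += "Dump type is '$typeName'; a complete (full) dump is required."
}
if ($pfMB -lt $ramMB) {
    $issues += "Page file on $env:SystemDrive is $pfMB MB, RAM is $ramMB MB; the dump will be cut."
}
if (-not ($kbd | Where-Object { $_.Enabled })) {
    $issues += 'Keyboard-initiated crash (CrashOnCtrlScroll) is not enabled for any keyboard driver.'
}

[pscustomobject]@{
    DumpType   = $typeName
    DumpFile   = $cc.DumpFile
    RamMB      = $ramMB
    PageFileMB = $pfMB
    KeyboardCrashDrivers = ($kbd | Where-Object { $_.Enabled } | ForEach-Object { $_.Driver }) -join ', '
    Issues     = $issues
} | Format-List
```

An empty Issues list means the settings match what the post asks for; the script changes nothing on the system.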
