Agent crash issues can be frustrating and difficult to address. The steps in this article will guide you through collecting the right data so that support can best assist with the issue. In addition there are some troubleshooting options that may help better identify the cause and possible workaround or solution.
Some of the most common solutions to Agent crashes are:
Updating to the latest version and / or maintenance pack of DLP. Many times the crash has already been reported and fixed in a later release. This means that the latest maintenance pack DLP agent should be tested. If possible also test the latest hotfix agent for that maintenance pack agent.
For example. If a 15.1 agent is crashing then the 15.1 MP1 (current latest MP agent) should be tested. If possible the 15.1.107 (latest HF agent) would be tested.
Note that a maintenance pack agent (15.1 MP1 in this case) is supported connecting to a non maintenance pack server.
Ensure that the proper antivirus exceptions have been added to the system(s). See TECH220235.
If the above solutions do not address the issue or are not viable at this time then it is time to collect data then contact support.
Try to answer the following questions:
Can the crash be duplicated? Provide information about how the crash is duplicated. Is it caused by a process like copy / paste or is it a matter of just waiting x amount of time?
If the agent crash is caused by a process then is it consistent? I.e. does it always happen or only happen a percentage of the time?
Does the crash happen across multiple machines or OS platforms?
Is this happening in production or test environments?
What percentage of machines are affected?
Next the data needs to be collected. Follow these steps to help gather the needed information:
If the crash can be duplicated then follow these steps:
Collect the relevant system logs from the client machine Windows: System and Application Event Logs Mac OSX: ~/Library/Logs/DiagnosticReports/
On the client machine, download and run SymDiag from TECH170735. Collect system information and attach it to the case.
Collect crash dumps from the agent. Default locations are Windows: “C:\Program Files\Manufacturer\Endpoint Agent\MemDump” Mac OSX: /Library/Manufacturer/Endpoint Agent/MemDumps
Submit the collected information and data to support for analysis.
Third Part Application Crash
When a third party application is crashing and it is believed to be caused by the DLP agent then collect a crash dump from that application. This can be done by using procdump (with -ma and -e switch) or by using Windows Error Reporting.
Note that procdump should not be used with the dlpagent as the dlpagent will generate it's own crash dumps.
Procdump exampe: procdump -ma -e outlook.exe
This will monitor outlook.exe for an unhandled exception then generate a crash dump when it occurs. Outlook should be running before running the command.
Optional Advanced Troubleshooting
Enable / Disable different agent channels (Example: uncheck the local disk or Clipboard) in the agent configuration to determine which could be causing the crash. Disable all of them, then selectivly add others.
Windows: Load crash dump in Windbg. Use !analyze -v command. What are the offending files? Search KB for crash information related to offending files.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.