MemoryDumpType ActionRules

Memory dump types may be selectively configured based off the EventType and AppName presented in the S1 URL. This functionality is only supported in the Error Reporting Web Service, version 1.6.1612.13 or higher.

This feature can be enabled in the Rules.xml file located at D:\ERWS_Website\Bin\AppData\Rules.xml.

MemoryDumpType supported values are “none”, “mini”, and “full”.

Changing the memory dump type may have a significant impact on Microsoft’s ability to detect threats for the crashing process. This feature should be used sparingly, and only implemented after a thorough discussion with Microsoft's Enterprise Threat Detection support team.

This feature is primarily used to:

Minimize bandwidth consumed by excessive cab size for medium-high risk applications.

To add a new rule, add the following XML after the tag.

Note: ActionRules are applied top down in the rules.xml file. If the event matches a rule, no other rules are processed.

XML Code

<ActionRule>
    <Application EventType="BEX" AppName="randcrash.exe" VersionRegexMatch="" TimestampRegexMatch="" ModuleNameRegexMatch=""
            ModuleVersionRegexMatch="" ModuleTimestampRegexMatch="" ExceptionCodeRegexMatch="" ExceptionInfoRegexMatch="" MemoryDumpType="mini"/>
</ActionRule>

Note: EventType, AppName, and MemoryDumpType are required parameters for an action rule. Other parameters may be configured as needed.

Default MemoryDumpType

A default MemoryDumpType may be specified in the web.config file for the Error Reporting Services Website.

This file may be found at D:\ERWS_Website\web.config.

To configure a default MemoryDumpType, set the DefaultMemoryDumpType AppSetting to the desired value and execute an iisreset.

DefaultMemoryDumpType supported values are “none”, “mini”, and “full”.

<!--  Default MemoryDumpType - supports "none","mini","full" -->
<add key="DefaultMemoryDumpType" value="full" />

Changing the memory dump type may have a significant impact on Microsoft’s ability to detect threats for the crashing process. This feature should be used sparingly, and only implemented after a thorough discussion with Microsoft's Enterprise Threat Detection support team.