NWE 184.108.40.206 (maybe all) memory dump issues with win10 VSM on?
we're having issues with NWE 220.127.116.11 and win10 (anniversary) with virtual secure mode + credential guard on (but without device guard code integrity on)
On memory dump from the UI ECAT doesn't bluescreen but mem dump fails with error: '998 - Invalid access to memory location'
(not a customer for NWE anymore) so is it fixed in 18.104.22.168 or 22.214.171.124? if not - expected fix date?
We've tried some of the other tools indicated as fixed in the article and they work.
- Community Thread
- credential guard
- Forum Thread
- RSA NetWitness Endpoint
- RSA NetWitness Platform
- virtual secure mode
Hi Vladimir Previn,
There is a known issue seen on lower version of ECAT in pulling full memmory dump from endpoints. This was a behavior seen specially if the version of ECAT Console is not the same as the ECAT agent. You can check NWE 126.96.36.199 Release Notes where you can see fixed issues for full memory issues.
Renelee "AP" Manio
hmm, I've read the release notes and it's a different issue to both of the below.
the issue is specifically error '998 - Invalid access to memory location' EXTRACTING memory failing not transferring it to the NWE server.
ECATCE-700 If there are older versions of the NetWitness Endpoint agent still in use (for example,
version 4.1.2), the following error is logged by the ConsoleServer: System.IO.InvalidDataException:
Found invalid data while retrieving "Process and System
ECAT-8423 The Full Memory Dump and Process Memory Dump actions are not creating the raw
file for a 4.1.2 agent communicating with a 188.8.131.52 server and the following server
error is thrown: "ERROR: System.IO.InvalidDataException: Found invalid data while
can you go back to engineering with this please. or explicitly confirm the other two ECAT tracking ids cover the issue with
'998 - Invalid access to memory location' EXTRACTING memory failing
Validating issues with engineering team will require a support case to be created. You can wait for other Netwitness Endpoint support members to give their inputs.
Renelee "AP" Manio