hello,
https://df-stream.com/2017/08/memory-acquisition-and-virtual-secure/
we're having issues with NWE 4.3.0.3 and win10 (anniversary) with virtual secure mode + credential guard on (but without device guard code integrity on)
On memory dump from the UI ECAT doesn't bluescreen but mem dump fails with error: '998 - Invalid access to memory location'
(not a customer for NWE anymore) so is it fixed in 4.3.0.4 or 4.3.0.5? if not - expected fix date?
We've tried some of the other tools indicated as fixed in the article and they work.
Hi Vladimir Previn,
There is a known issue seen on lower version of ECAT in pulling full memmory dump from endpoints. This was a behavior seen specially if the version of ECAT Console is not the same as the ECAT agent. You can check NWE 4.3.0.5 Release Notes where you can see fixed issues for full memory issues.
regards,
Renelee "AP" Manio