How to enable crash dumps for MetaDefender Core processes?

This article applies to all MetaDefender Core v5 releases deployed on Windows systems.

Overview

Windows Error Reporting (WER) can automatically generate crash dump files when a process fails unexpectedly. Configuring WER through the Windows Registry allows administrators to capture .dmp files for MetaDefender Core components such as engineprocess.exe and ometascan.exe.

Prerequisites

  • Administrative access to the Windows system.
  • Adequate free disk space (full dumps can be several GB).
  • The MetaDefender Core service account must have permission to write to the dump folder.

Steps to Enable LocalDumps for MetaDefender Core

Step 1: Create the dump folder

  1. Create a directory, for example: C:\Dumps\MetaDefender

  2. Grant SYSTEM and the MetaDefender Core service account write permissions.

Step 2: Configure the registry

Create the following registry keys and values for each process if missing:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\engineprocess.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ometascan.exe

Under each key, add:

Value NameTypeData
DumpFolderREG_EXPAND_SZC:\Program Files\OPSWAT\MetaDefender Core/crashdump
DumpCountDWORD32
DumpTypeDWORD2 (Full dump) or 1 (Mini dump)

You can automate this using a .reg file:

Copy

Step 3: Restart services

After creating the registry entries, restart the MetaDefender Core services or reboot the system to apply changes.

4) Verification

When a crash occurs, WER should generate .dmp files in the specified folder (e.g., C:\Program Files\OPSWAT\MetaDefender Core\crashdump).

If dumps are not generated:

  • Verify if WER is not disabled by Group Policy.
  • Confirm the process has permission to write to the dump directory.
  • Check Event Viewer > Application for WER-related errors.

5) Notes

  • DumpType=1 generates a small (mini) dump, suitable for basic debugging.
  • DumpType=2 generates a full dump, preferred for OPSWAT Support investigations.
  • Only enable dumps temporarily to avoid excessive disk usage.

If Further Assistance is required, please proceed to log a support case or chat with one of our support engineers.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Can I control access to the RAM disk in MetaDefender Core v5?
On This Page
How to enable crash dumps for MetaDefender Core processes?OverviewPrerequisitesSteps to Enable LocalDumps for MetaDefender CoreStep 1: Create the dump folderStep 2: Configure the registryStep 3: Restart services4) Verification5) Notes