FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
kwernecke
Staff
Article Id 211987
Description This article describes what data to gather when a system hangs.
Scope  
Solution
  • Force a manual crash dump using the applicable Microsoft instructions (for example, the keyboard-initiated crash enabled by the CrashOnCtrlScroll registry value) or a 3rd-party utility such as bang. The dump type must be set to Complete memory dump before the hang occurs, and the keyboard-crash registry change only takes effect after a reboot, so prepare the system in advance.
  • Gather a full memory dump while the system is hung and zip it. Record the SHA-256 of the file you will send so that its integrity can be validated on receipt.
  • Gather the FortiEDR Collector logs from the device while it is running. This can be done from the FortiEDR Console (Inventory -> Select the Device -> Export -> Collector Logs) or from the device itself (C:\ProgramData\fortiedr). If collected from the device locally, zip the fortiedr directory.
  • Attach the list of steps that led to the hang, the zipped memory dump and its SHA-256, and the FortiEDR Collector logs to a FortiCare ticket for support assistance.
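The following PowerShell script is an added example that is not part of the original article or of FortiEDR itself. It shows the whole procedure above on a Windows host: in Prepare mode it configures a complete memory dump and enables the Microsoft keyboard-initiated crash (CrashOnCtrlScroll for the kbdhid and i8042prt keyboard drivers); in Collect mode, after the forced crash and reboot, it zips MEMORY.DMP, records its SHA-256, and zips the C:\ProgramData\fortiedr directory. The output folder C:\Temp\fortiedr-hang and the function names are assumptions chosen for the example; run it from an elevated prompt.

```powershell
# Added example, not FortiEDR code. Prepares a Windows host for a forced complete
# memory dump and packages dump + Collector logs for a FortiCare ticket.
# Usage:  .\Collect-HangData.ps1 -Mode Prepare   (then reboot)
#         .\Collect-HangData.ps1 -Mode Collect   (after the forced crash and reboot)
param(
    [ValidateSet('Prepare', 'Collect')]
    [string]$Mode = 'Prepare',
    [string]$OutDir = 'C:\Temp\fortiedr-hang'    # assumed location, change as needed
)

$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Enable-CompleteDump {
    # CrashDumpEnabled = 1 selects "Complete memory dump" (0 none, 1 complete,
    # 2 kernel, 3 small, 7 automatic). A complete dump needs a page file on the
    # system drive at least as large as physical RAM plus 1 MB, and enough free
    # disk space for MEMORY.DMP itself.
    Set-ItemProperty -Path $crashControl -Name CrashDumpEnabled -Value 1 -Type DWord
    Set-ItemProperty -Path $crashControl -Name DumpFile -Value '%SystemRoot%\MEMORY.DMP' -Type ExpandString
    Set-ItemProperty -Path $crashControl -Name Overwrite -Value 1 -Type DWord

    # Keyboard-initiated crash (Microsoft "Forcing a system crash from the keyboard"):
    # kbdhid covers USB keyboards, i8042prt covers PS/2 keyboards. After a reboot,
    # hold the right CTRL key and press SCROLL LOCK twice while the system is hung.
    foreach ($driver in 'kbdhid', 'i8042prt') {
        $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$driver\Parameters"
        if (-not (Test-Path $params)) { New-Item -Path $params -Force | Out-Null }
        Set-ItemProperty -Path $params -Name CrashOnCtrlScroll -Value 1 -Type DWord
    }
    Write-Host 'Configured. Reboot now; at the next hang press Right-CTRL + SCROLL LOCK twice, then rerun with -Mode Collect.'
}

function Collect-HangEvidence {
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # Locate the dump via the same registry value the kernel uses, then zip it.
    $dump = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path $crashControl).DumpFile)
    if (-not (Test-Path $dump)) { throw "No memory dump found at $dump; was the crash forced?" }
    $dumpZip = Join-Path $OutDir 'MEMORY.DMP.zip'
    Compress-Archive -Path $dump -DestinationPath $dumpZip -Force

    # Hash the artifact that is actually uploaded so support can verify it on receipt.
    $hash = (Get-FileHash -Path $dumpZip -Algorithm SHA256).Hash
    "$hash  MEMORY.DMP.zip" | Set-Content -Path (Join-Path $OutDir 'MEMORY.DMP.zip.sha256')

    # FortiEDR Collector logs, same local path the article names.
    $logZip = Join-Path $OutDir 'fortiedr-collector-logs.zip'
    Compress-Archive -Path 'C:\ProgramData\fortiedr' -DestinationPath $logZip -Force

    Write-Host "Dump archive : $dumpZip"
    Write-Host "SHA-256      : $hash"
    Write-Host "Collector logs: $logZip"
}

switch ($Mode) {
    'Prepare' { Enable-CompleteDump }
    'Collect' { Collect-HangEvidence }
}
```

Two caveats when using this. Windows PowerShell's Compress-Archive has a documented 2 GB per-file limit, and a complete memory dump on a server is often larger; in that case zip MEMORY.DMP with a tool such as 7-Zip and run Get-FileHash on the resulting archive instead. And a keyboard-forced crash only works if the keyboard driver still gets serviced during the hang; if it does not, an NMI from the hardware or hypervisor, or a utility that forces a bugcheck, is the fallback.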