Topic:
This internal KB article addresses how SecureDoc for Windows leveraging Microsoft's Windows Error Reporting (WER) features to capture and report application crashes e.g. CD/DVD crashing.
When a SecureDoc application crashes due to an unhandled exception, such as invalid memory access, the Windows operating system notifies the WER service of the crashing application. The WER service connects to the crashing application and inspects and analyzes it. It then launches the WerFault.exe within the current user context to process the crash. The WER service also logs an event in the Application Event Log with basic information about the crashing application, including the application name, the faulting module and the exception code.
The WerFault process allows the user to submit a mini-dump of the crash to Microsoft for analysis. This mini-dump may contain sensitive information, such as usernames or passwords. Security-conscious customers may choose to prevent users from sending crash information to Microsoft by using Group Policy to configure the behaviour of WER.
The WerFault process can also generate a local crash dump if it is configured to do so through the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps described in Collecting Crash Dumps. This crash dump can be used along with the symbol files for the affected version in order to identify the origin of a crash.
The crash dump will be be created in the folder specified in the DumpFolder value specified in the
The level of detail in the crash dump can be configured by specifying the DumpType and CustomDumpFlags values in the registry. A DumpType value of 1 would generate a mini-dump, which includes partial stack and variable information, while 2 would create a full-dump of the entire memory space of the crashing process. Since the crash dumps contain a snapshot of the application's memory space, it is possible for them to contain sensitive information, including usernames and passwords. The confidentiality of this data is protected by the ACL on the directories containing the crash dumps.
As an example, please refer to KB 1560 How to collect Logging for CD/DVD Related Issues. This article provides instructions on how to enable CD/DVD logging in order for the WER to capture and report CD/DVD application crashes.
Additional Reference Material:
This information is covered in Confluence: https://confluence.winmagic.local:8443/display/PDCT/Error+Reporting+and+Analysis as of Oct. 30 2014
KB 1560 How to collect Logging for CD/DVD Related Issues