Enable Enhanced Memory Protection Logging

Enhanced Memory Protection Logging

This feature has been implemented with newer agent version 3.* and newer. It allows memory protection to have its debug logging increased, so that the logging output related to memory protection is more verbose and contains more useful information.

 This increased logging has the potential to adversely affect performance, so it should be used carefully.

• This feature is only intended to be enabled during troubleshooting to increase the usefulness of the data that is collected, and it must always be disabled immediately afterwards.

NOTE: For Enhanced Memory Protection Logging to work, you will also need to enable Debug/Verbose Logging for the device.

• Enable Debug/Verbose Logging (SonicWall)

1. To enable the following Registry key, the target device must have its Self Protection Level set to Local Admin.
   1. Open the Cylance console, and navigate to Assets > Devices.
   2. Click the desired device, verify that Local Admin is selected for the Self Protection Level drop down menu, and click Save.

2. Complete the following steps on the device to enable this logging.
   1. Launch Regedit (Registry Editor) as Administrator.
   2. Click Yes if prompted by Windows User Access COntrol (UAC) to allow regedit to make changes to your computer.
   3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop.
   4. Create the DWORD value MemDefDebugOption and set its value to 1.