Troubleshoot PSANHost Crash Dump Files

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

You can use the WatchGuard PSANHost Autodump tool (wg_psanhost_autodump.exe) to create PSANHost crash dump files. The tool adds the Exceptions key to the registry of the endpoint device. The tool also stops two WatchGuard product services (PSANHost.exe and PSUAService.exe) and disables the WatchGuard Endpoint Security anti-tamper protection for the endpoint device. Anti-tamper protection makes sure that only authorized users can install, disable, or uninstall WatchGuard Endpoint Security.

Installation Files and Registry Entries

The PSANHost Autodump tool copies installation files to one of these folders:

  • %ProgramFiles%\Panda Security\WG_PSANHost_Autodump
  • %ProgramFiles(x86)%\Panda Security\WG_PSANHost_Autodump

The tool creates the Exceptions registry key at one of these locations:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Exceptions]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Security\Panda Service Host\Exceptions]

The tool creates these values in the registry:

"CreateMiniDump"=dword:00000001

"PathMiniDump"="C:\Panda\AutoDumps"

"Version"=dword:00000001

Install and Run the WG PSANHost Autodump Tool

To install the WatchGuard PSANHost Autodump tool and create dump files:

  1. Download the wg_psanhost_autodump.exe file (external link).
  2. Run the wg_psanhost_autodump.exe file.
  3. If anti-tamper protection is enabled on the endpoint device, type and then retype the anti-tamper protection password.
    The Exceptions key is added to the regstry.

  1. (Optional) If the endpoint device is associated with a per-computer settings profile where anti-tamper protection is disabled, select the Anti-Tampering protection feature is disabled in this machine check box:
    You do not have to type an anti-tamper protection password for this option.

  1. Click Next.
    Replicate the crash on the endpoint device.
  2. Collect the dump files from the folder specified in the PathMiniDump registry value. By default, the folder path is:
    C:\Panda\AutoDumps
  3. Create a ZIP archive that contains the contents of the folder and send the archive to Support.

To remove the tool, use the Add / Remove Programs feature in Windows. After you remove the tool, perform a full synchronization from your WatchGuard Endpoint Security product. You can also manually enable anti-tamper protection for the endpoint device from WatchGuard Endpoint Security.