If the error report indicates that one or more non-Microsoft products were involved in causing the issue, Microsoft may send the report to the respective companies if the companies agree to abide by the terms of the privacy statement. Software or hardware developers employed by Microsoft or one of its partners may analyze the fault data and try to identify and correct the problem.
Details that are related to privacy of data are presented in Types of data collected later in this section. Ability to disable : The feature can be disabled through Group Policy or on an individual computer. You can also control the feature as described in Overview: Using Windows Error Reporting and the Problem Reports and Solutions feature in a managed environment earlier in this section, and Controlling Windows Error Reporting to prevent the flow of information to and from the Internet later in this section.
This section provides an overview of the data that Windows Error Reporting collects and information about data that might be collected from four sources:. Windows Error Reporting collects information about the computer configuration, what the software was doing when the problem occurred, and other information directly related to the issue.
It is possible that such information may be captured in memory or in the data that is collected from open files, but Microsoft does not use it to identify users. Windows Error Reporting collects Internet Protocol IP addresses, but the addresses are not used to identify users, and in many cases, they are the address of a network address translation NAT computer or proxy server, not a specific client behind that NAT computer or proxy server.
IP address information is used in aggregate by the operators who maintain the servers that receive error reports.
In rare cases, such as issues that are especially difficult to solve, Microsoft may request additional data, including sections of memory which may include memory that is shared by any or all applications that were running at the time the issue occurred , some registry settings, and one or more files from your computer.
When additional data is requested, users can review the data and choose whether to send the information. Any application can be written in a way that uses the Error Reporting functionality. If an application error occurs for which Error Reporting is available, and you choose to send the report, the following information is included:.
Information regarding the condition of the computer and the application at the time the error occurred. This may include data that is stored in memory and stacks, information about files in the application's directory, the operating system version, and the computer hardware in use.
You can use a registry setting to configure Windows Error Reporting so that it collects full user-mode dumps and stores them locally after a user-mode application stops responding.
This configuration option in Windows Error Reporting does not involve communication across the Internet. If users encounter a handwriting recognition error while using the Tablet PC Input Panel, they can start the error reporting tool and then select recently corrected handwriting samples to send in an error report.
The samples are handled according to the consent-level setting, and in most cases, they are sent only with explicit consent. No personal information is intentionally collected; however, the samples that are chosen may include personal information.
This information will not be used to personally identify the person. You can disable the reporting of handwriting recognition errors by using a specific Group Policy setting, as described in Setting for disabling Windows Error Reporting later in this section. The reports are like error reports, but they record a word or word pair to improve the selection of the ideograms that are displayed. Word registration reports can include the information that is provided in the Add Word dialog box about the words being reported, and the software version number for IME.
Each time such a report is generated, the user is asked whether to send the report to Microsoft and can view the information that is contained in the report before sending it. Microsoft uses the information to help improve IME.
Personal information might unintentionally be collected, but Microsoft does not use the information to identify or contact the person.
If you configure Windows Error Reporting as described in Procedures to configure Windows Error Reporting later in this section, you can control word registration reports in the same way that you control error reports. When a kernel-mode system error occurs a Stop message is displayed and diagnostic information is written to a memory dump file. When someone restarts the computer by using normal mode or Microsoft Windows Safe Mode with networking , and then signs in as an administrator, Windows Error Reporting responds.
As with other errors, Windows Error Reporting uses the consent-level setting to determine when to prompt you before sending a kernel fault report. Windows kernel fault reports contain information about what the operating system was doing when the problem occurred.
These event reports contain the minimum information that can help identify why the operating system stopped unexpectedly. If you choose to send the report, it includes the following:.
Add your dump settings under the MyApplication. If your application crashes, WER will first read the global settings, and then will override any of the settings with your application-specific settings. After an application crashes and prior to its termination, the system will check the registry settings to determine whether a local dump is to be collected. After the dump collection has completed, the application will be allowed to terminate normally. If the application supports recovery, the local dump is collected before the recovery callback is called.
These dumps are configured and controlled independently of the rest of the WER infrastructure. The local dump can be different than the dump sent to Microsoft. Skip to main content. For Windows 10, use the search function in Settings to locate View advanced system settings.
WER settings are located in one of the following registry subkeys:. If the bypass is disabled or not configured as a policy setting, WER throttles data by default. WER does not upload more than one CAB file for a report that contains data about the same event types. WER does not throttle data. WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.
Possible values: 1 - Always ask default 2 - Parameters only 3 - Parameters and safe data 4 - All data. Possible values: 0 - Vertical consent will override the default consent default 1 - Default consent will override the application-specific consent.
Use WerAddExcludedApplication. The directory path. If the default is not used, the application must ensure that the folder has a sufficient ACL.
Windows Vista: The registry values under the LocalDumps key are not supported. A subkey under it, named after the executable file for the process I am interested in, is overriding the global default setting, and I am getting the crash dumps just nominally, full memory burp in the location I specify. However, there is apparently no setting in the documentation under the LocalDumps that would tell the system not to create dumps, such that I would override one for my service's subkey.
These are unattended servers, and more trash means more scripted cleanup. Is there a documented way to disable core dumps by default for all programs, and override the prohibition for just one? It is documented that dumps are not created if the location is not writable by the crashing process' identity, but I do not want them for LocalSystem services too, and this guy can write anywhere. Also, it seems that the dumps are not created if the DumpFolder points to an invalid filepath.
To make it even maybe a little less hacky, I set it to the NUL device in the device namespace : stands for "value under key" below :. This ostensibly works in Server , R2 and But I must keep fingers crossed that a next update would not change this undocumented behavior.
0コメント