Hello again and sorry for the delay.
If you agree it will be very useful for our investigation to collect a memory dump of your Wazuh Agent when it crashes.
To do so, the easiest way will be to work with
procdump. This is a tool provided by Microsoft to generate memory dumps from any process.
Here is a
link to download the tool. Please, observe that this is a link to Microsoft site, that's why we trust in this tool. We will never suggest you download or run applications from untrusted developers.
To collect the memory dump you need to:
- Download and extract the tool.
- Start Wazuh Agent with the faulting configuration
- Open a command prompt with elevated privileges and stand on the tool folder.
- Run procdump.exe -t wazuh on any command prompt with elevated privileges. This will run procdump with default options over wazuh service and collect the memory dump when the process terminates.
- Wait until Wazuh crashes.
- Collect the output file in the same tool folder (wazuh-agent.exe_*.dmp).
- Restart Wazuh.
- Repeat the process but with procdump.exe -e wazuh. This will collect the memory dump when the process matches an unhandled exception.
- Collect the new output file.
- Send us the collected files for investigation.
On the other hand, this error seems to be a problem when Wazuh tries to recursively scan too many folders. As a workaround, you can set a limit to the folder recursion. i.e. e:/programa</directories could be configured like:
<directories recursion_level="10" check_all="yes" whodata="yes">e:/programa</directories>
and test if this limit satisfies your requirement and avoids the crash.
Let me know how the test goes and if you have further doubts please don`t hesitate to ask.
Best regards.