App Control: Random .dll Blocks Occurring On Temporary asp.net Files
Article ID: 286431
Updated On: 09-06-2022
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Agent enforcing Execution Blocks on random .dll files associated with a temporary .NET Framework directory.
Environment
- App Control Agent: All Supported Versions
- App Control Server: All Supported Versions
- Microsoft Windows: All Supported Versions
Cause
The temporary files are expected by the application to be created and executed before the App Control Agent would otherwise be able to fully analyze or issue the relevant Local Approval necessary.
Resolution
Create a new Custom Rule that uses the Rule Type, "Execution Control" and the Action, "Allow".
- Determine the relevant Process and File Path(s) being blocked in the Console > Reports > Events.
- Use this information to create a new Custom Rule in Rules > Software Rules > Custom.
- Status: Enabled
- Rule Type: Execution Control
- Execute Action: Allow
- Path or File: Specify the File Path(s) determined in Step 1.
- Process: Specify the Process determined in Step 1.
- Save & Exit
- Confirm the Agent shows as Connected and Up To Date in Assets > Computers after creating the Custom Rule and attempt to recreate the Execution Block.
Additional Information
- This example Custom Rule can be further restricted by limiting to specific Policies, Users, or through the use of Wildcards.
- More information on Custom Rules can be found in the User Guide chapter, "Approving and Banning Software".
Feedback
Was this article helpful?
Yes
No
Powered by
