App Control: Random .dll Blocks Occurring On Temporary Files
search cancel

App Control: Random .dll Blocks Occurring On Temporary Files


Article ID: 286431


Updated On:


Carbon Black App Control (formerly Cb Protection)


Agent enforcing Execution Blocks on random .dll files associated with a temporary .NET Framework directory.


  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions


The temporary files are expected by the application to be created and executed before the App Control Agent would otherwise be able to fully analyze or issue the relevant Local Approval necessary.


Create a new Custom Rule that uses the Rule Type, "Execution Control" and the Action, "Allow". 
  1. Determine the relevant Process and File Path(s) being blocked in the Console > Reports > Events.
  2. Use this information to create a new Custom Rule in Rules > Software Rules > Custom.
    • Status: Enabled
    • Rule Type: Execution Control
    • Execute Action: Allow
    • Path or File: Specify the File Path(s) determined in Step 1.
    • Process: Specify the Process determined in Step 1.
    • Save & Exit
  3. Confirm the Agent shows as Connected and Up To Date in Assets > Computers after creating the Custom Rule and attempt to recreate the Execution Block.

Additional Information

  • This example Custom Rule can be further restricted by limiting to specific Policies, Users, or through the use of Wildcards.
  • More information on Custom Rules can be found in the User Guide chapter, "Approving and Banning Software".