DLL Blocks On "c:\windows\assembly\nativeimages" Directory
book
Article ID: 286432
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Agent is enforcing Execution Blocks on .dll files contained within the "c:\windows\assembly\nativeimages" directory.
Environment
App Control Server: All Supported Versions
App Control Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Cause
The .NET Runtimes are dynamically generating these files on the endpoint. Some vendors rely upon these files being dynamically generated, and without an Approval Method in place the Agent will enforce execution blocks.
Resolution
Create a Custom Rule that will allow the current files to be executed, and future files to be issued a Local Approval:
Log in to the Console and go to Rules > Software Rules > Custom > Add Custom Rule.