App Control: How To Enable Repeated BSOD Prevention
Article ID: 286560
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Prevent repeated blue screens due to Policy Enforcement by Agents on endpoints.
Environment
- App Control Agent: 8.9.2+
- Microsoft Windows: All Supported Versions
Resolution
| Warning: While in the Override (Visibility) the Agent will not enforce any Custom Rules or Bans until moved back into a Control Mode. |
- Log in to the Console and navigate to: https://ServerAddress/agent_config.php
- Click Add Agent Config and use the following details:
- Name: Repeated BSOD Prevention (or something memorable)
- Host ID: 0
- Value: Change X for the number of BSOD occurrences desired before triggering a move to Visibility on the next reboot.
kernelEnforcementOverrideDirtyLoadMaxCount=X
- Platform: Windows
- Status: Enabled
- Create For: Relevant Policies
- Click Save.
Additional Information
- This feature is disabled by default.
- This prevention can aid in the event a critical operating system process is being blocked due to an improper Custom Rule or File Ban.
- When the specified number of blue screens are detected, the Agent will move to a Visibility Policy, preventing further occurrences.
- Once the Agent starts successfully, a timer will move the Agent out of the Override after reaching the time specified in unsettled_enforcement_override_time_minutes
- By default, unsettled_enforcement_override_time_minutes is set to 10.
- A future Health Check will be introduced to alert on this override (EP-19497)
Feedback
Yes
No
Powered by
