App Control: Windows Store App Blocks With Rapid Config Enabled
search cancel

App Control: Windows Store App Blocks With Rapid Config Enabled

book

Article ID: 286661

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Agent enforcing blocks on software applications installed/updated via the Windows App Store.
  • Rapid Config for Windows App Store is enabled.
  • Paths for non-Microsoft standards are present for Windows Store objects

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

The Rapid Config is designed to issue Local Approvals for files when the Agent sees them being written. There are two potential reasons the Rapid Config would not have applied to this situation:
  • If the files are already written, the Rapid Config will not apply.
  • If the files are in a path that is not currently included, the Rapid Config will not apply.

Resolution

The Rapid Config may need to be adjusted to include the new path(s) and existing, trusted files, will need to be Approved.

Adjust the Rapid Config Accordingly: This will issue Local Approvals going forward.
  1. Log in to the Console and navigate to Rules > Software Rules > Rapid Configs
  2. Edit (pencil icon) the Windows App Store.
  3. Add any additional paths that are required.
    Examples:
    \windowsapps\*hpprintercontrol*\*
    \windowsapps\appup.intelgraphicsexperience*\*
  4. Save the changes.

Issue Local Approvals For Existing Files: This will allow executions of current files.
  1. Log in to the Console and navigate to Assets > Files > Files on Computers
  2. Show Filters > Add Filters:
    • File Path > begins with: Paste/type the path in the text box
    • Local State > is: Unapproved
    • Computer > is: relevant Computer
  3. Apply
  4. Select one or more of the filtered files
  5. Action > Locally Approve

Additional Information

  • The Default Paths for this Rapid Config include:
    <programfiles>\windowsapps\microsoft.*
    <programfiles>\windowsapps\microsoftteams.*
    
  • If necessary an alternative to the Local Approvals option above would be to temporarily use a Custom Rule that uses Execution Control > Allow for matching Process/Path combinations.