Troubleshooting Unanalyzed Blocks
Article ID: 286757
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Agent is enforcing Block Events similar to:
File 'C:\Program Files (x86)\AcmeAccounting\acme.exe' [] was blocked because the Agent did not have time to analyze it.
Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
Cause
Unanalyzed file blocks occur when the Agent does not have time to properly analyze a file. This is typically caused by latency on the endpoint; network or third party antivirus being the most common root cause.
Resolution
- Verify the Agent Exclusions are present in any other antivirus/security software on the endpoint.
- Sharing Violations are one of the most common culprits for Unanalyzed Blocks.
- Verify the latest version of the Agent is installed to eliminate the potential this is related to a known issue.
If the issue persists:
- Recreate the issue while capturing the Agent Performance Logs.
- If this is happening on Windows, be sure to include a Low Altitude Procmon.
- Open a case with Support and include:
- How the issue is recreated.
- The logs captured.
- Screenshots of any relevant Custom Rules/Updaters/Rapid Configs.
- Whether the environment is virtualized (persistent/non-persistent) or physical.
Additional Information
Depending on the type of Unanalyzed Block, one or more of the following Agent Configs may alleviate the issue:
Feedback
Yes
No
Powered by
