App Control: Agent Configs Commonly Used for Unanalyzed Blocks, Unhashed Blocks, & Timeouts
search cancel

App Control: Agent Configs Commonly Used for Unanalyzed Blocks, Unhashed Blocks, & Timeouts

book

Article ID: 286757

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

The most common symptom of this issue is a block occurring with no file hash present in the event in the Console. 

Environment

  • App Control Agent: All Supported Versions

Cause

This occurs when the Agent does not have time to properly analyze a file. This is typically caused by latency on the endpoint; network or third party antivirus being the most common root cause.

Resolution

  1. Having proper antivirus exclusions (Windows, macOS, Linux) can prevent these types of Block Events:
  2. Verifying the latest version of the Agent is installed will eliminate the potential this is related to a known issue.
  3. Depending on the type of Unanalyzed Block, one or more of the following Agent Configs may alleviate the issue:
    • https://community.carbonblack.com/t5/Knowledge-Base/App-Control-Unanalyzed-block-timeout-for-local-files/ta-p/63823
    • https://community.carbonblack.com/t5/Knowledge-Base/Cb-Protection-Approve-Inaccessible-Files-based-on-Last-Known/ta-p/63824
    • https://community.carbonblack.com/t5/Knowledge-Base/App-Control-Allow-Deleted-Files-for-Analysis/ta-p/63825
    • https://community.carbonblack.com/t5/Knowledge-Base/App-Control-Allow-Inaccessible-Files/ta-p/63826