App Control: What are Execution Block Still Analyzing Events?
search cancel

App Control: What are Execution Block Still Analyzing Events?

book

Article ID: 286774

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What are Execution Block Still Analyzing Events?

Environment

  • App Control Agent: All Supported Versions

Resolution

Execution Blocks (Still Analyzing) will occur when the Agent hasn't finished analyzing a file that is being executed. These are expected and all machines will encounter these from time to time and just one or several blocks on a machine during a short period of time is unlikely to have an impact.

They are typically only problematic if they are recurring, if the file is deleted and doesn’t try to run again, or if the end user is impacted from the block. In these instances:
  1. Verifying the latest version of the Agent is installed will eliminate the potential this is related to a known issue.
  2. Having proper antivirus exclusions (WindowsmacOSLinux) can prevent these types of Block Events.

Additional Information

If you do encounter an application that is very “sensitive” to these blocks (i.e. can’t cleanly recover) consider adding an Execution Control > Allow rule. This will let the file run even if the Agent does not know what it is at run-time.