App Control: "c:\windows\system32\ondemandconnroutehelper.dll" Blocked Because Agent Did Not Have Time To Analyze It
search cancel

App Control: "c:\windows\system32\ondemandconnroutehelper.dll" Blocked Because Agent Did Not Have Time To Analyze It

book

Article ID: 287231

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • "c:\windows\system32\ondemandconnroutehelper.dll" blocked on endpoints because agent did not have time to¬†analyze it.
  • Implementing A/V exclusions does not resolve issue
  • Implementing agent configs related to "still unanalyzed" blocks does not resolve issue:¬† https://community.carbonblack.com/t5/Knowledge-Base/App-Control-Agent-Configs-Commonly-Used-for-Unanalyzed-Blocks/ta-p/64578

Environment

  • App Control Server: 8.6.0 and Higher
  • App Control Agent: 8.5.0 and Higher

Cause

Root cause still under investigation.

Resolution

Create a new custom rule under "Rules > Software Rules > Custom":
Rule Name: 
Rule Type: Execution Control
Execution Action: Allow

File or Path: specific path
c:\windows\system32\ondemandconnroutehelper.dll

Process: Specific process
c:\windows\system32\svchost.exe
User or Groups
Policies:
Save