App Control: Blocks in the c:\program files\windowsapps\ directory
search cancel

App Control: Blocks in the c:\program files\windowsapps\ directory

book

Article ID: 288290

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Block events in the c:\program files\windowsapps\ directory.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

  • Windows App Store files (appx packages) are currently not tracked as interesting files by App Control
  • Current mechanism to approve Windows updates doesn't consider Apps as part of the operating system.

Resolution

  1. Login to the App Control console
  2. Navigate to Rules > Software Rules > Rapid Configs tab
  3. Enable the "Windows App Store" Rapid Config
    • To modify the Rapid Config to only allow certain applications, click "View Details" next to the rule

Additional Information

  • The Rapid Config approves on write. If a file in the directory existed prior to creating and enabling the rules, it would be expected for the file to be blocked. Another approval method such as locally approving the file will be necessary if this scenario occurs.
  • If the Windows App Store Rapid Config is already enabled with the blocks occurring, please open a Support case and provide a set of agent logs for further analysis of these blocks: https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-to-Collect-Historical-Agent-Logs-Remotely-for/ta-p/63172