Agent Blocking Intel Graphics .bat Files
search cancel

Agent Blocking Intel Graphics .bat Files


Article ID: 288535


Updated On:


Carbon Black App Control (formerly Cb Protection)


When logging in to an endpoint, users see blocks on files with random names similar to: {a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat


  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions


These temporary files are dynamically created on execution and deleted shortly or immediately after. Without an Approval Method in place, the Agent will enforce execution blocks.


Create a Custom Rule that will allow the current files to be executed, and future files to be issued a Local Approval:

  1. Log in to the Console and go to Rules > Software Rules > Custom > Add Custom Rule.
  2. Use the following details:
    • Rule Name: Approve Dynamic Intel Graphics Files (or something memorable)
    • Platform: Windows
    • Rule Type: Advanced
    • Operation: Execute and Write
    • Execute Action: Allow
    • Write Action: Approve
    • Path or File: <relevant files from Block Events, example:>
      • c:\windows\system32\{a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat
      • c:\intel\gfxcplbatchfiles\{a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat
    • Process: <relevant Process, or use Any if it cannot be determined>
    • User: Any User
  3. Click Save & Exit

Additional Information

  • This file is used by the endpoint to launch the Intel Graphics Driver service.
  • The GUID or path may differ based on the driver version.
  • Validate the paths provided against the Block Events observed.