When logging in to an endpoint, users see blocks on files with random names similar to: {a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat

• App Control Agent: All Supported Versions
• Microsoft Windows: All Supported Versions

These temporary files are dynamically created on execution and deleted shortly or immediately after. Without an Approval Method in place, the Agent will enforce execution blocks.

Create a Custom Rule that will allow the current files to be executed, and future files to be issued a Local Approval:

1. Log in to the Console and go to Rules > Software Rules > Custom > Add Custom Rule.
2. Use the following details:
   • Rule Name: Approve Dynamic Intel Graphics Files (or something memorable)
   • Platform: Windows
   • Rule Type: Advanced
   • Operation: Execute and Write
   • Execute Action: Allow
   • Write Action: Approve
   • Path or File: <relevant files from Block Events, example:>
     • c:\windows\system32\{a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat
     • c:\intel\gfxcplbatchfiles\{a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat
   • Process: <relevant Process, or use Any if it cannot be determined>
   • User: Any User
3. Click Save & Exit

• This file is used by the endpoint to launch the Intel Graphics Driver service.
• The GUID or path may differ based on the driver version.
• Validate the paths provided against the Block Events observed.