Approve Inaccessible Files Based on Last Known State

Article ID: 290149

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This Agent Config approves an inaccessible file if its last known state was Approved. It is typically beneficial when the Agent is enforcing Unanalyzed Blocks.

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Cause

Unanalyzed file blocks occur when the Agent does not have time to properly analyze a file. This is typically caused by latency on the endpoint, with the network or third-party antivirus being the most common root causes.

Resolution

  1. Verify the Agent Exclusions are present in any other antivirus/security software on the endpoint.
  2. Verify the latest version of the Agent is installed. This eliminates the possibility that the issue is related to a known issue.

If the issue persists, or as directed by Support, the following workaround may resolve the issue:

  1. Log in to the Console and navigate to https://ServerAddress/agent_config.php > Add Agent Config:
    • Property Name: Approve Inaccessible Files Based on Last Known State
    • Host ID: 0 (0 will send the config to all machines)
    • Value:
      approve_inaccessible_files_based_on_last_known_state=1
    • Status: Enabled
    • Create For: All, or only relevant Policies
  2. Click Save.

Additional Information

  • Description: Dictates whether the Agent will temporarily, locally approve a file that it is unable to re-hash at time of execution, provided the last known hash for the file was Approved. The purpose of this is to reduce the number of unanalyzed blocks.
  • Security Risk: Minimal/moderate (A malicious actor could overwrite an approved file with new content and lock the file, preventing analysis as a means of bypassing enforcement)
  • Operational Risk: Net plus; decreases the number of unanalyzed blocks
  • Conflicts or Overlaps: Some overlap with allow_inaccessible_files
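
A compensating check for the Security Risk noted above, as an added example that is not part of the original article or of App Control: it re-hashes files that were allowed on their last known state and flags any whose content no longer matches. The `fallback_events` input (path plus last known SHA-256) is a hypothetical export, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file; raises OSError (e.g. PermissionError) if it cannot be read."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def recheck(fallback_events, hasher=sha256_of):
    """Re-hash files that were allowed on their last known state.

    fallback_events: iterable of (path, last_known_sha256) pairs, a
    hypothetical export of executions where the re-hash failed.
    Returns {path: "match" | "drift" | "still-inaccessible"}.
    """
    results = {}
    for path, last_known in fallback_events:
        try:
            current = hasher(path)
        except OSError:
            # The lock has not cleared; a file that stays locked warrants review.
            results[path] = "still-inaccessible"
            continue
        results[path] = "match" if current == last_known.lower() else "drift"
    return results

def demo():
    """Constructed sample: one untouched file, one overwritten, one unreadable."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "good.bin")
        changed = os.path.join(d, "changed.bin")
        locked = os.path.join(d, "locked.bin")  # never created, so open() raises OSError
        for p in (good, changed):
            with open(p, "wb") as f:
                f.write(b"approved content")
        approved = hashlib.sha256(b"approved content").hexdigest()
        with open(changed, "wb") as f:
            f.write(b"different content")  # content replaced after approval
        res = recheck([(good, approved), (changed, approved), (locked, approved)])
        return [res[good], res[changed], res[locked]]

if __name__ == "__main__":
    print(demo())
```

A "drift" result means the file ran under an approval that no longer describes its content; "still-inaccessible" entries should be retried and reviewed if the lock persists.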