Approve Inaccessible Files Based on Last Known State
search cancel

Approve Inaccessible Files Based on Last Known State


Article ID: 290149


Updated On:


Carbon Black App Control (formerly Cb Protection)


Agent Config to Approve an inaccessible file if the last known state was Approved. This is typically beneficial when the Agent is enforcing Unanalyzed Blocks.


  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions


Unanalyzed file blocks occur when the Agent does not have time to properly analyze a file. This is typically caused by latency on the endpoint; network or third party antivirus being the most common root cause.


  1. Verify the Agent Exclusions are present in any other antivirus/security software on the endpoint.
  2. Verify the latest version of the Agent is installed will eliminate the potential this is related to a known issue.

If the issue persists, or as directed by Support, the following workaround may resolve the issue:

  1. Log in to the Console and navigate to https://ServerAddress/agent_config.php > Add Agent Config:
    • Property Name: Approve Inaccessible Files Based on Last Known State
    • Host ID: 0 (0 will send the config to all machines)
    • Value:
    • Status: Enabled
    • Create For: All, or only relevant Policies
  2. Click Save.

Additional Information

  • Description: Dictates whether or not the agent will temporarily locally approve a file when unable to re-hash at time of execution when the last known hash for the file was Approved. The purpose of this is to reduce the number of unanalyzed blocks.
  • Security Risk: Minimal/moderate (A malicious actor could overwrite an approved file with new content and lock the file, preventing analysis as a means of bypassing enforcement)
  • Operational Risk: Net plus decrease the number of analyzed blocks
  • Conflicts or Overlaps: Some overlap with allow_inaccessible_files