Unanalyzed Blocks During Chrome Updates With Agent Installed

search cancel

Unanalyzed Blocks During Chrome Updates With Agent Installed

book

Article ID: 403841

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

Chrome updates fail due to Unanalyzed Blocks Events similar to:

File 'c:\windows\systemtemp\chrome_unpacker_beginunzipping...\VERSION_chrome_installer_uncompressed.exe' was blocked because Carbon Black App Control Agent did not have time to analyze it.

Environment

App Control Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Microsoft Windows Defender Advanced Threat Protection

Cause

The real-time scans by Windows Defender Advanced Threat Protection are interfering with the ability of the Agent to analyze these files.

Resolution

Verify Windows Defender has all the latest Agent Exclusions.
Increase the kernelLocalAbMissTimeout to 120000.
Verify Agent shows as Connected & Up to Date before recreating issue.
- If the issue persists, open a case with Support and recreate the issue while capturing Agent Interoperability Logs.
- In some cases setting kernelLocalAbMissTimeout to 90000 may also resolve the issue.
- It is not currently recommended to increase this Value over 120000.

Feedback

thumb_up Yes

thumb_down No