Unanalyzed Blocks During Chrome Updates With Agent Installed
search cancel

Unanalyzed Blocks During Chrome Updates With Agent Installed

book

Article ID: 403841

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

Chrome updates fail due to Unanalyzed Blocks Events similar to:

File 'c:\windows\systemtemp\chrome_unpacker_beginunzipping...\VERSION_chrome_installer_uncompressed.exe' was blocked because Carbon Black App Control Agent did not have time to analyze it.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Microsoft Windows Defender Advanced Threat Protection

Cause

The real-time scans by Windows Defender Advanced Threat Protection are interfering with the ability of the Agent to analyze these files.

Resolution

  1. Verify Windows Defender has all the latest Agent Exclusions.
  2. Increase the kernelLocalAbMissTimeout to 90000.
  3. Verify Agent shows as Connected & Up to Date before recreating issue.
    • If the issue persists, the kernelLocalAbMissTimeout might need to be increased to 120000
    • It is not currently recommended to increase this Value over 120000

Additional Information

If the issue persists, even after setting the AbMissTimeout to 120000, open a case with Support and recreate the issue while capturing Agent Interoperability Logs.

Powered by Wolken Software