Steps to prevent repeated blue screens due to Policy Enforcement by Agents on endpoints. 

• App Control Agent: 8.9.2+
• Microsoft Windows: All Supported Versions

• This feature can aid in the event a critical operating system process is being blocked due to an improper Custom Rule or File Ban.
• When the specified number of blue screens are detected, the Agent will temporarily move to a Visibility Policy, preventing further occurrences.
• Once the Agent starts successfully, a timer will move the Agent out of the Override after reaching the time specified in unsettled_enforcement_override_time_minutes

1. Verify the Agent is on version 8.10.0+
2. Log in to the Console and navigate to: https://ServerAddress/agent_config.php
3. Create (or edit) the Config for Repeated BSOD Prevention
   
   • Name: Repeated BSOD Prevention (or something memorable)
   • Host ID: 0
   • Value: Change X for the number of BSOD occurrences desired before triggering a move to Visibility on the next reboot.

     kernelEnforcementOverrideDirtyLoadMaxCount=X

   • Platform: Windows
   • Status: Enabled
   • Create For: Relevant Policies
4. Save the changes.
5. Create (or edit) the Config to determine the Unsettled Override Time (in minutes)
   • Name: Repeated BSOD Override Time (or something memorable)
   • Host ID: 0
   • Value: Change X for the desired number of minutes in Override

     unsettled_enforcement_override_time_minutes=X

   • Platform: Windows
   • Status: Enabled
   • Create For: Relevant Policies
6. Save the changes.

• As of Agent version 8.10.0
  • Maximum Repeated BSOD is set to 2 repeated occurrences 

    kernelEnforcementOverrideDirtyLoadMaxCount=2

  • Override Time is set to 10 minutes

    unsettled_enforcement_override_time_minutes=10

• Agents will trigger a failed Health Check when moved to the Unsettled Enforcement Override.