Allow Deleted Files for Analysis
Article ID: 291450

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This article describes the Agent Config that allows a deleted file to be submitted for analysis. This is typically beneficial when the Agent is enforcing Unanalyzed Blocks.

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Cause

Unanalyzed file blocks occur when the Agent does not have time to properly analyze a file before it is used. This is typically caused by latency on the endpoint, with network latency or third-party antivirus being the most common root causes.

Resolution

  1. Verify the Agent Exclusions are present in any other antivirus/security software on the endpoint.
  2. Verify the latest version of the Agent is installed; this eliminates the possibility that the behavior is related to a known issue already fixed in a later release.

If the issue persists, or as directed by Support, the following workaround may resolve the issue:

  1. Log in to the Console and navigate to https://ServerAddress/agent_config.php > Add Agent Config:
    • Property Name: Allow Deleted Files for Analysis
    • Host ID: 0 (0 will send the config to all machines)
    • Value:
      kernelAllowDeletedFiles=1
    • Status: Enabled
    • Create For: All, or only relevant Policies
  2. Click Save.

Additional Information

  • If an abmiss check found that the file does not exist (has been deleted before the Agent could hash the file) and the operation is an open or create of a script file:
    • kernelAllowDeletedFiles=1: Driver will prevent the operation.
    • kernelAllowDeletedFiles=0: Driver will allow the operation, and let the OS handle the missing file situation.
  • Note that the driver considers an “open” operation on a script file as an execute.
  • Security Risk: Low
  • Operational Risk: Low to none.