App Control: Analyzing Execution Blocks With OneDrive

Environment

  • App Control Windows Agent: Versions 8.1 to 8.6.x
  • App Control Console: All Supported Versions

Symptoms

  • Execution blocks for OneDrive remain in the "still analyzing" state

Cause

  • Known issue: Microsoft OneDrive application binaries are blocked and the agent is unable to analyze them

Resolution

  • Upgrade to agent version 8.7.x or higher.
  • Until the agent can be upgraded, the file exclusion below can be used as a workaround:
  1. Log into the console and navigate to the Agent Config page: https://<servername>/agent_config.php
  2. Click the + Add Agent Config button.
  3. Property Name: Workaround EP-11127 OneDrive Issue
  4. Host ID: 0
  5. Value: kernelFileOpExclusions=*\appdata\local\microsoft\onedrive\*.dll:2097151
  6. Status: enabled
  7. Click Save.

Additional Notes

  • Kernel exclusions (kernelProcessExclusions / kernelFileOpExclusions) are configuration rules applied to the App Control driver component, which executes in kernel space. They exclude specific operations processed by the driver, selected either by file pattern or by process. Kernel exclusions are ordinarily used for performance reasons or for interoperability with other programs.
  • The exclusion above tells the agent to ignore .dll files under any \appdata\local\microsoft\onedrive\* directory. Because the driver no longer analyzes operations on the files it matches, keep the exclusion scoped to this path and remove it once the agent has been upgraded.
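As an added example (not from the original article), the following Python script checks, before the workaround is deployed, which file paths on a host the exclusion value would remove from driver analysis. It assumes, since the article does not say, that matching is case-insensitive, that `*` may span directory separators, and that the number after `:` is an opaque operation mask; the sample paths are constructed.

```python
"""Scope check for an App Control kernelFileOpExclusions value (added example).

Assumptions not stated in the KB article: matching is case-insensitive,
'*' may span directory separators, and the number after ':' is an opaque
operation mask that is parsed but otherwise passed through unchanged.
"""
import re

EXCLUSION = r"kernelFileOpExclusions=*\appdata\local\microsoft\onedrive\*.dll:2097151"

# Constructed sample of file paths as the driver might see them on one host.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncShell64.dll",
    r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"C:\Program Files\Microsoft OneDrive\FileCoAuth.dll",
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\unknown_addin.dll",
    r"C:\Users\alice\AppData\Local\Microsoft\Teams\current\Teams.dll",
]


def parse_exclusion(value: str) -> tuple[str, int]:
    """Split 'kernelFileOpExclusions=<pattern>:<mask>' into (pattern, mask)."""
    key, _, rest = value.partition("=")
    if key != "kernelFileOpExclusions":
        raise ValueError(f"unexpected config key: {key!r}")
    # rpartition so a drive-letter colon inside the pattern is not mistaken for the mask
    pattern, sep, mask = rest.rpartition(":")
    if not sep or not mask.isdigit():
        raise ValueError("exclusion value must end with ':<numeric mask>'")
    return pattern, int(mask)


def pattern_to_regex(pattern: str) -> re.Pattern:
    """Turn the wildcard pattern into an anchored, case-insensitive regex."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def excluded_paths(value: str, paths: list[str]) -> list[str]:
    """Return the sample paths the exclusion would remove from driver analysis."""
    pattern, _mask = parse_exclusion(value)
    regex = pattern_to_regex(pattern)
    return [p for p in paths if regex.match(p)]


if __name__ == "__main__":
    for p in excluded_paths(EXCLUSION, SAMPLE_PATHS):
        print("excluded:", p)
```

Note that any .dll dropped into the OneDrive folder of any user profile matches, not only OneDrive's own binaries, which is why the exclusion should be temporary.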

Article Information

Creation Date: 07-29-2021