Environment
App Control Agent: 8.7.0 - 8.7.6
Symptoms
- App Control agent was recently upgraded to 8.7+
- File Explorer takes several minutes to open or load a window
- Outlook performance/search is very slow
- Windows search is very slow
Cause
The root cause for this has been determined to be a interop issue between the App C agent and "SearchIndexer.exe"
Resolution
This issue will be fixed in the 8.7.8 release with the following available workaround:
- Navigate to https://CBSERVER/agent_config.php
- Click "Add Agent Config"
Property Name: Interop Fix - SearchIndexer.exe
Host ID: 0
Value:
kernelProcessExclusions=*\Windows\system32\SearchIndexer.exe:2094975
Platform: Windows
Status: Enabled
Create for: All or specified polices
Save it
- Verify that the agents are Up to Date
Additional Notes
- Current ETA for the 8.7.8 release is mid to end of July
- The exclusion for "SearchIndexer.exe" stops the agent from tracking all file operations except Executions for this process (e.g. Create/Write/Modify)
- Therefore, when SearchIndexer executes an Unapproved or Banned file, the operations will still get blocked
- This issue is often seen when OneDrive is enabled
- If the config "disabled_features=OneDriveFilesOnDemandSupport" was previously added to fix this issue, it can now be disabled on the Agent_config.php page
