Environment

• App Control Agent: 8.9.2+
• Microsoft Windows: All Supported Versions

Objective

Resolution

1. Log in to the Console and navigate to: https://ServerAddress/agent_config.php
2. Click Add Agent Config and use the following details:
   • Name: Repeated BSOD Prevention (or something memorable)
   • Host ID: 0
   • Value: Change X for the number of BSOD occurrences desired before triggering a move to Visibility on the next reboot.

     kernelEnforcementOverrideDirtyLoadMaxCount=X

   • Platform: Windows
   • Status: Enabled
   • Create For: Relevant Policies
3. Click Save.

Additional Notes

• This feature is disabled by default.
• This prevention can aid in the event a critical operating system process is being blocked due to an improper Custom Rule or File Ban.
• When the specified number of blue screens are detected, the Agent will move to a Visibility Policy, preventing further occurrences.
• Once the Agent starts successfully, a timer will move the Agent out of the Override after reaching the time specified in unsettled_enforcement_override_time_minutes
• By default, unsettled_enforcement_override_time_minutes is set to 10.
• A future Health Check will be introduced to alert on this override (EP-19497)

Related Content