
App Control: Troubleshooting Unexpected Blocks

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Symptoms

Unexpected blocks on the endpoints.

Cause

Potential reasons for unexpected blocks:
  • The path and/or process is not specified properly in the existing Custom Rule
  • The Agent's CL Version is not up to date
  • Publisher-related issues ("IneligibleForApproval" due to CERT_TRUST_IS_PARTIAL_CHAIN)
  • Cache corruption on the local Agent

Resolution

  1. Verify the existing Custom Rule's Path and/or Process are specified correctly:
  2. Verify the Agent is showing as the most recent CL Version:
  3. If the Block Events are showing as Unanalyzed Blocks, review:
  4. If the Block Events are related to an Approved Publisher but showing as "IneligibleForApproval" due to CERT_TRUST_IS_PARTIAL_CHAIN:
  5. The Agent's local cache has been corrupted due to power loss/OS crash or other conflicts:
  6. If none of these options have resolved the issue, then collect the following when opening a case with Support:

Creation Date: 11-20-2020