Environment
- App Control Agent: 8.5 - 8.7.2
Symptoms
Chrome, MS Edge, Teams upgrades triggering unanalyzed blocks where the file hash is missing from the block event (most commonly seen with "chrome_elf.dll")
Cause
This is a known issue with agents 8.7.2 and prior where the agent uses a cached file path instead of the actual file path from the file operation thus resulting in hash miss and unanalyzed block
Resolution
The issue EP-13750 has been resolved with the 8.7.4 Agent version which can be found
here
Additional Notes
There is also an agent configuration that can be applied to allow executions of files that don't exist or have been deleted before file analysis began
per this KB
Related Content