Environment
- App Control Agent: All Supported Versions
Question
What are Execution Block Still Analyzing Events?
Answer
Execution Blocks (Still Analyzing) will occur when the Agent hasn't finished analyzing a file that is being executed. These are expected and all machines will encounter these from time to time and just one or several blocks on a machine during a short period of time is unlikely to have an impact.
They are typically only problematic if they are recurring, if the file is deleted and doesn’t try to run again, or if the end user is impacted from the block. In these instances:
- Verifying the latest version of the Agent is installed will eliminate the potential this is related to a known issue.
- Having proper antivirus exclusions (Windows, macOS, Linux) can prevent these types of Block Events.
Additional Notes
If you do encounter an application that is very “sensitive” to these blocks (i.e. can’t cleanly recover) consider adding an Execution Control > Allow rule. This will let the file run even if the Agent does not know what it is at run-time.
Related Content