Environment
- App Control Agent: All Supported Versions
Question
What are Execution Block Still Analyzing Events?
Answer
Execution Blocks (Still Analyzing) occur when the agent has not finished analyzing a file that is being executed. They are expected, and all machines will encounter them from time to time. They are typically only problematic if they are recurring, if the file is deleted and doesn’t try to run again, or if the end user is impacted by the block. On average, just one or several blocks on a machine during a short period of time is unlikely to have an impact. Most applications will simply try again (and in this case would have succeeded on the second attempt, assuming the file is locally and/or globally approved).
Additional Notes
- Having proper anti-virus exclusions can help alleviate this:
- If you do encounter an application that is very “sensitive” to these blocks (i.e., it can’t cleanly recover), consider adding an allow execute rule ranked above the built-in internal rules. This will let the file run even if the agent does not know what it is at run-time.
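To separate one-off blocks from the recurring or never-retried ones described in the Answer, exported events can be grouped per machine and file. The script below is an added example, not part of the original article or the product; the CSV column names, the subtype strings, the sample rows and the threshold and window defaults are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export; column names and subtype strings are assumptions,
# not the product's actual export schema. Hashes are placeholders.
SAMPLE_CSV = """timestamp,computer,subtype,file_hash,file_name
2024-05-01T09:00:05,WS-01,Execution block (still analyzing),aaa111,updater.exe
2024-05-01T09:00:09,WS-01,Execution allowed,aaa111,updater.exe
2024-05-01T09:10:00,WS-02,Execution block (still analyzing),bbb222,helper.dll
2024-05-01T09:12:00,WS-02,Execution block (still analyzing),bbb222,helper.dll
2024-05-01T09:14:00,WS-02,Execution block (still analyzing),bbb222,helper.dll
2024-05-01T09:16:00,WS-02,Execution block (still analyzing),bbb222,helper.dll
2024-05-01T10:00:00,WS-03,Execution block (still analyzing),ccc333,setup.tmp
"""

BLOCK = "Execution block (still analyzing)"
ALLOW = "Execution allowed"

# Threshold and window defaults are assumptions; tune them to your environment.
def triage(csv_text, recurring_threshold=3, window=timedelta(hours=1)):
    """Return {(computer, file_hash): verdict} for every file that was blocked."""
    blocks, allows = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["computer"], row["file_hash"])
        ts = datetime.fromisoformat(row["timestamp"])
        if row["subtype"] == BLOCK:
            blocks[key].append(ts)
        elif row["subtype"] == ALLOW:
            allows[key].append(ts)
    verdicts = {}
    for key, times in blocks.items():
        times.sort()
        # Recurring: at least `recurring_threshold` blocks inside one sliding window.
        recurring = any(
            sum(1 for t in times[i:] if t - start <= window) >= recurring_threshold
            for i, start in enumerate(times)
        )
        # Recovered: the same file ran on the same machine after its last block.
        recovered = any(a > times[-1] for a in allows[key])
        if recurring:
            verdicts[key] = "recurring"
        elif recovered:
            verdicts[key] = "retried-ok"
        else:
            verdicts[key] = "no-retry"
    return verdicts
```

Files reported as "recurring" or "no-retry" are the ones worth checking against anti-virus exclusions or considering for an allow execute rule; "retried-ok" matches the expected case where the second attempt succeeded.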