Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: What are Execution Block Still Analyzing Events?

App Control: What are Execution Block Still Analyzing Events?

Environment

  • App Control Agent: All Supported Versions

Question

What are Execution Block Still Analyzing Events?

Answer

Execution Blocks (Still Analyzing) will occur when the Agent hasn't finished analyzing a file that is being executed. These are expected and all machines will encounter these from time to time and just one or several blocks on a machine during a short period of time is unlikely to have an impact.

They are typically only problematic if they are recurring, if the file is deleted and doesn’t try to run again, or if the end user is impacted from the block. In these instances:
  1. Verifying the latest version of the Agent is installed will eliminate the potential this is related to a known issue.
  2. Having proper antivirus exclusions (WindowsmacOSLinux) can prevent these types of Block Events.

Additional Notes

If you do encounter an application that is very “sensitive” to these blocks (i.e. can’t cleanly recover) consider adding an Execution Control > Allow rule. This will let the file run even if the Agent does not know what it is at run-time.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-28-2015
Views:
6313
Contributors