Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Execution Block (Still Analyzing) on SQL Server updater

Execution Block (Still Analyzing) on SQL Server updater




When trying to install the patch updater for SQL server, the file is blocked with (still analyzing) subtype.

This appears to be linked to a specific file. sqlserver2012sp3-kb3072779-x64-enu.exe


Due to the size of this executable file, we are unable to complete the analysis allowing us to confirm this file is approved.


In the Carbon Black Protection Console go to the following link.

  • https://<servername>/agent_config.php
  • Filter for Value contains "kernelLocalABMissTimeout", if this does not exist, create a new config
  • Name: Unanalyzed block timeout for local files (milliseconds)
  • HostID: *
  • Value: kernelLocalABMissTimeout=120000

* Host ID should be specified. In the Console go to Assets > Computers > Select computer > "hostid= " will be in the address bar of the browser.

  • Revert the value back to kernelLocalABMissTimeout=60000 after completion.

Important Note(s)

Do not adjust any other configuration under the agent_config. Doing this can cause unexpected results.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: