Version
All
Issue
When trying to install the patch updater for SQL server, the file is blocked with (still analyzing) subtype.
This appears to be linked to a specific file. sqlserver2012sp3-kb3072779-x64-enu.exe
Cause
Due to the size of this executable file, we are unable to complete the analysis allowing us to confirm this file is approved.
Solution
In the Carbon Black Protection Console go to the following link.
- https://<servername>/agent_config.php
- Filter for Value contains "kernelLocalABMissTimeout", if this does not exist, create a new config
- Name: Unanalyzed block timeout for local files (milliseconds)
- HostID: *
- Value: kernelLocalABMissTimeout=120000
* Host ID should be specified. In the Console go to Assets > Computers > Select computer > "hostid= " will be in the address bar of the browser.
- Revert the value back to kernelLocalABMissTimeout=60000 after completion.
Important Note(s)
Do not adjust any other configuration under the agent_config. Doing this can cause unexpected results.