Access official resources from Carbon Black experts
Execution blocks are detected on newly downloaded files that should be Approved.
The files are downloaded through a browser (Chrome, Firefox or IE).
The block is associated with an executable where the hash leads to a file with .partial extension.
File C:\users\administrator\appdata\local\microsoft\windows\inetcache\ie\...\sp52283.exe is blocked
The hash associated to the block leads to C:\users\administrator\appdata\local\microsoft\windows\inetcache\ie\...\sp52283.exe.y12wsd4.partial
The file is analyzed while it is still downloading (on the .partial stage) which seems to interfere with the execution of the final version of the file (without the .partial extension).
Create the following Performance Optimization rule, to ignore the write of the file while it is still downloading:
Rule Type - Performance Optimization
Path or File: