topic Hello Team, in Endpoint Security

Block Chrome (or any browser) Extensions

bo3500001 — Fri, 21 Feb 2020 05:01:20 GMT

Is there a way with either a Simple or Advanced Custom detection to stop a browser extension install or to remove/detect an existing one? Can you configure an IOC scan to Quarantine a file?

You could just block the URL

Philip D'Ath — Fri, 01 Jul 2016 20:41:32 GMT

You could just block the URL that the extension downloads from ...

What if they are already

bo3500001 — Fri, 01 Jul 2016 20:51:37 GMT

What if they are already installed? Also, we've come to find out than when a user logs into their google account on the chrome browser, good synchronizes all their extensions for them (so the download sources are not always unique). We were hoping that we could assert some type of end-point control against these. For example, if we know the extension ID, (which creates a director with the ID name) can we create a signature somehow that quarantines every file in that directory?

Hello Team,

Jetsy Mathew — Sat, 02 Jul 2016 06:05:51 GMT

Hello Team,

You can open a request with TAC so that they can escalate to Fireamp team and request if a signature possible for this in the Endpoint. Fireamp escalation team handles this kind of requests.

Rate if this answer helps you.

Regards

Jetsy

I have done that as well.

bo3500001 — Sat, 02 Jul 2016 14:04:42 GMT

I have done that as well.

Did they provided any

Jetsy Mathew — Wed, 06 Jul 2016 05:25:41 GMT

Did they provided any signature ?

Essentially, I have to find a

bo3500001 — Wed, 06 Jul 2016 12:21:38 GMT

Essentially, I have to find a way to write a clam AV signature myself, either with HEX signature for the extension ID string or a sha256 of the extension HTML files. No response on why there is not an AMP record of the file IO event when the extension loads from disk.