07-01-2016 12:17 PM - edited 02-20-2020 09:01 PM
Is there a way with either a Simple or Advanced Custom detection to stop a browser extension install or to remove/detect an existing one? Can you configure an IOC scan to Quarantine a file?
07-01-2016 01:41 PM
You could just block the URL that the extension downloads from ...
07-01-2016 01:51 PM
What if they are already installed? Also, we've come to find out that when a user logs into their Google account on the Chrome browser, Google synchronizes all their extensions for them (so the download sources are not always unique). We were hoping that we could assert some type of end-point control against these. For example, if we know the extension ID (which creates a directory with the ID name), can we create a signature somehow that quarantines every file in that directory?
07-01-2016 11:05 PM
Hello Team,
You can open a request with TAC so that they can escalate to the FireAMP team and ask whether a signature is possible for this in the Endpoint. The FireAMP escalation team handles this kind of request.
Rate if this answer helps you.
Regards
Jetsy
07-02-2016 07:04 AM
I have done that as well.
07-05-2016 10:25 PM
Did they provide any signature?
07-06-2016 05:21 AM
Essentially, I have to find a way to write a ClamAV signature myself, either with a hex signature for the extension ID string or a SHA256 of the extension HTML files. No response on why there is not an AMP record of the file IO event when the extension loads from disk.
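
The two signature types mentioned in the last post, sketched as an added example that is not part of the original thread: a ClamAV body signature (`.ndb`) for the extension ID string and SHA256 hash signatures (`.hsb`) for each file in the extension directory. The extension ID, signature names and directory layout are constructed placeholders. Body signatures match file contents, not directory names, so the ID signature only fires on files that actually contain the ID string.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed placeholder ID (Chrome IDs are 32 characters in the range a-p).
EXTENSION_ID = "abcdefghijklmnopabcdefghijklmnop"

def _safe(text):
    """Restrict a signature name to characters safe in a ClamAV database line."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", text)

def ndb_signature(name, needle, target_type=0, offset="*"):
    """Body signature (.ndb): Name:TargetType:Offset:HexSignature.
    Target type 0 = any file, offset * = anywhere in the file."""
    return f"{_safe(name)}:{target_type}:{offset}:{needle.encode('ascii').hex()}"

def hsb_signatures(ext_dir, name):
    """Hash signatures (.hsb): SHA256:FileSize:Name, one per file under ext_dir."""
    lines = []
    for path in sorted(Path(ext_dir).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            lines.append(f"{digest}:{len(data)}:{_safe(name + '.' + path.name)}")
    return lines

def demo():
    """Build both signature sets for a constructed extension directory."""
    with tempfile.TemporaryDirectory() as tmp:
        version_dir = Path(tmp) / EXTENSION_ID / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "popup.html").write_bytes(b"<html>constructed sample</html>")
        (version_dir / "manifest.json").write_bytes(b'{"name": "sample"}')
        return (ndb_signature("Custom.Ext.Id", EXTENSION_ID),
                hsb_signatures(Path(tmp) / EXTENSION_ID, "Custom.Ext"))

if __name__ == "__main__":
    ndb, hsb = demo()
    print(ndb, *hsb, sep="\n")
```

Hash signatures stop matching as soon as the extension updates and its files change, while the ID body signature can also match unrelated files that merely mention the ID, so each generated line should be checked with `clamscan -d` against a clean profile before use.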