cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16847
Views
16
Helpful
44
Replies

Chrome.exe exploit prevention events

benwe
Level 1
Level 1

I have over 500 alerts for chrome.exe exploit prevention alerts on all different devices in Secure Endpoint the past couple of days.

All the same hash

55c3f36080f2ddbf4c47d6685fa42333ee0172866a31c0f29c1797dc2954ab29

I have added that hash to the allow list and it still blowing up. 

Any ideas?

benwe_0-1683293197558.png

 

44 Replies 44

Started updating some test clients to build 21512 and the notifications are no longer happening from these clients. About to update everyone in the next few days.

We are using version 8.1.5.21322 Have not had a chance to test 8.1.7 yet

mcapradeep2016
Level 1
Level 1

latest AMP endpoint is block to google,

Solution :- Please Rename to google eg- google1, google2. and try open this you have 100% sucess. 

nino.renzi
Level 1
Level 1

c22900ff05997d12c4e78c7d76564a388e6d174fe8f78f344cf7bddadb882333

Still ongoing issue, is Cisco even working on this, with every new updates of chrome or even updating the agent the issue is still there, tired of uploading logs and endless conversations with support.  just fix it, test in your environment, test on your systems.  this is not an end user issue this is a global issue effecting everyone. Cisco needs to start working on this or we will drop our endpoint solution and get something with better support.  

Hey Nino,

Could you verify it is still happening on 8.2.1?  We released a ton of updates relating to the issue with 8.2.1 and would like to work with you if it is still happening to figure out the cause.  

Hello CalyH

I'm inclined to agree with Nino, we can't be doing this every time there is Chrome update. I got over 500 notifications in the past hour. I can test the update to 8.2.x but this issue needs to be addressed permanently.

This needs to be escalated because the answer can not be to upgrade the client every time there's a google update. 

CalyH
Cisco Employee
Cisco Employee

Eduren,

We honestly agree with you.  We are discussing architecture changes that would allow us to better independently correct exploit prevention issues outside of full connector updates but this is still in brainstorming.  As for this issue, however, it should be fully addressed in 8.2.1.  

Caly,
Does EP only updated with an endpoint update? No "patterns"/"rules" etc.?

Ken

Ken,
We can set up exclusions for processes and dlls independent of endpoint updates, but any other mechanisms like pattern recognition and monitoring mechanisms cannot be changed without a software change, which currently requires an endpoint update.  

Caly

We try to stay one version behind, we recently had a AMP version that was not compatible with a new Chrome version and deleted every chrome user profile for 3000 users and that was a really bad screwup on cisco side deleting the chrome profiles.  Not a good we had literally people with torches and pitchforks ready to do you know what to us.  so im going to have to test this first.  

Nino,

I totally understand the hesitancy with a history like that.  Definitely encouraged to test first.  If you're still having issues, please open a TAC case and mention this thread so the engineer knows where to route it so we can get this resolved.  

O Flavio Costa
Level 1
Level 1

Hi all, any updates from Cisco? I'm having the same issues when trying to open streaming services or applications like Spotify. On my case the issue happens in only one endpoint.

Windows 10 Home Single Language (Build 19045.3693)
Chrome version 119.0.6045.160
Secure Endpoint Connector version: 8.0.1.21160
Chrome.exe (af954836bf1a1e5e4e7abfe072438c1d0f24df8df83e2834aa533ab82e2e6965)

 

Hi.

Looks like the new agent resolves that issue. I wished Cisco would just send out patches to update the clients instead of having to deploy all new agents. This is a huge pain because we have to go through testing first before we can deploy to all 3000 users. And there is the dreaded windows notification that tells people they have no AV turned on causing even more help desk tickets. When will Cisco listen to end users and stop dancing around the issues.



jshupick
Level 7
Level 7

Happening again with latest version of Chrome and latest version of client.
Chrome 120.0.6099.225 

Cisco Secure Client 5.0.00889  Agent Version: 8.2.1.21650



nino.renzi
Level 1
Level 1

yup looks like it, spend a week every day creating new groups, new policies, moved all the different departments one at a time. now back to square one.  so are we having to upgrade again or is cisco going to fix this internally.