i still had some as of 857AM CST this morning

I will continue to look out for them an update my TAC case accordingly. Thanks.

Thanks for the update. I think that is expected as it will take some time to populate across the cloud, but in general it should gradually start slowing down and you should see less and less as the day progress. Either way please keep an eye on that and let us know in your TAC case on the progress.

Hey Roman,

We do experience the same behaviour on one of our endpoint. (Connector 7.5.9, Chrome 114). Can you confirm that the exprev for Chrome is fully fixed? How should I proceed in order to fix the issue? Open TAC ?

thank you

Marcel

If this issue is still related to "kernel32.dll" Chrome ExPrev events I would suggest open a TAC case just so we can gather some additional data from your side. From what I understand majority events got resolved but there are still fever that we like to look at it. Also based on the few remaining cases it seems that these events are triggered randomly and hard to reproduce which makes the investigation harder as we would like to collect some procmon logs to understand this issue better. I also understand that these are just alerts, but nothing seems affected on the user end is that correct?

Either way please open a TAC case and work with your engineer on collecting logs.


Regards,

Roman

If this is something that keeps triggering over and over I would also open TAC case to look in to this and work with engineer to collect logs. Also pictures from Secure Endpoint console would help such as screenshot from event page expanded and Device Trajectory Event Details

Its not just event message in the console. In our case Ex Prev engine blocks chrome from execution. Funny that only one machine out of 2k+ is impacted by this problem. We tried reinstall Chrome, didnt help. We will open a TAC case for deeper investigation. Thx for advice.

Marcel

Hello Roman,

I have been following this thread because of the issue described here. We started experiencing it in our environment but it was fixed after the policy update. We are starting to see it again but now on a different Chrome version 115.0.5790.110

In the past week, we have been getting a steady flow of notifications from about 60 clients at random times. Any insights you can provide. I have not gather any logs yet, but sent some files for analysis to try and get more info on the specific version of chrome. Appreciate your assistance. 

Thanks for pointing this out. We are seeing the same behavior, same version of Chrome (115.0.5790.110) which is supposed to be the latest version. TAC responded to me stating this is not correlated to a known issue. In addition, there doesn't seem to be a way to reproduce this on-demand. Users report going about their daily stuff, nothing out of the ordinary. If I get any updates, I'll add them here.

We're on version 8.1.7.21417

Thanks Ken.

We haven't seen these alerts since upgrading to build 21512.