
Chrome.exe exploit prevention events

benwe
Level 1

I have over 500 alerts for chrome.exe exploit prevention alerts on all different devices in Secure Endpoint the past couple of days.

All the same hash

55c3f36080f2ddbf4c47d6685fa42333ee0172866a31c0f29c1797dc2954ab29

I have added that hash to the allow list and it is still blowing up.

Any ideas?


44 Replies

Started updating some test clients to build 21512 and the notifications are no longer happening from these clients. About to update everyone in the next few days.

We are using version 8.1.5.21322. Have not had a chance to test 8.1.7 yet.

mcapradeep2016
Level 1

Latest AMP endpoint is blocking Google.

Solution: Please rename google, e.g. to google1, google2, and try to open it; you will have 100% success.

nino.renzi
Level 1

c22900ff05997d12c4e78c7d76564a388e6d174fe8f78f344cf7bddadb882333

Still an ongoing issue. Is Cisco even working on this? With every new update of Chrome, or even updating the agent, the issue is still there. Tired of uploading logs and endless conversations with support. Just fix it, test in your environment, test on your systems. This is not an end user issue, this is a global issue affecting everyone. Cisco needs to start working on this or we will drop our endpoint solution and get something with better support.

Hey Nino,

Could you verify it is still happening on 8.2.1?  We released a ton of updates relating to the issue with 8.2.1 and would like to work with you if it is still happening to figure out the cause.  

Hello CalyH

I'm inclined to agree with Nino, we can't be doing this every time there is a Chrome update. I got over 500 notifications in the past hour. I can test the update to 8.2.x but this issue needs to be addressed permanently.

This needs to be escalated because the answer cannot be to upgrade the client every time there's a Google update.

CalyH
Cisco Employee

Eduren,

We honestly agree with you.  We are discussing architecture changes that would allow us to better independently correct exploit prevention issues outside of full connector updates but this is still in brainstorming.  As for this issue, however, it should be fully addressed in 8.2.1.  

Caly,
Is EP only updated with an endpoint update? No "patterns"/"rules" etc.?

Ken

Ken,
We can set up exclusions for processes and dlls independent of endpoint updates, but any other mechanisms like pattern recognition and monitoring mechanisms cannot be changed without a software change, which currently requires an endpoint update.  

Caly

We try to stay one version behind. We recently had an AMP version that was not compatible with a new Chrome version and deleted every Chrome user profile for 3000 users, and that was a really bad screwup on Cisco's side, deleting the Chrome profiles. Not good: we literally had people with torches and pitchforks ready to do you know what to us. So I'm going to have to test this first.

Nino,

I totally understand the hesitancy with a history like that.  Definitely encouraged to test first.  If you're still having issues, please open a TAC case and mention this thread so the engineer knows where to route it so we can get this resolved.  

O Flavio Costa
Level 1

Hi all, any updates from Cisco? I'm having the same issues when trying to open streaming services or applications like Spotify. In my case the issue happens on only one endpoint.

Windows 10 Home Single Language (Build 19045.3693)
Chrome version 119.0.6045.160
Secure Endpoint Connector version: 8.0.1.21160
Chrome.exe (af954836bf1a1e5e4e7abfe072438c1d0f24df8df83e2834aa533ab82e2e6965)

 

Hi.

Looks like the new agent resolves that issue. I wish Cisco would just send out patches to update the clients instead of having to deploy all new agents. This is a huge pain because we have to go through testing first before we can deploy to all 3000 users. And there is the dreaded Windows notification that tells people they have no AV turned on, causing even more help desk tickets. When will Cisco listen to end users and stop dancing around the issues?



jshupick
Level 7

Happening again with latest version of Chrome and latest version of client.
Chrome 120.0.6099.225 

Cisco Secure Client 5.0.00889  Agent Version: 8.2.1.21650



nino.renzi
Level 1

Yup, looks like it. Spent a week, every day creating new groups, new policies, moved all the different departments one at a time. Now back to square one. So are we having to upgrade again or is Cisco going to fix this internally?