cancel
Showing results for 
Search instead for 
Did you mean: 
mcafeenewb
Level 9

Application Control and Google Chrome Browser

Hi, I am testing Application Control in lab in an attempt to learn more of the policies and best practices.

I started with a clean image and deployed the product; once it was enforced I let it run for a day, windows updates etc.  No issues so far.

I set the device in "Update" mode to allow for the installation of Google Chrome Browser.  Once installed I put the system back into Enforce mode.

During the course of the night alerts appeared on the client UI indicating Chrome updater had attempted to execute code that was ofcourse blocked.

So the question I have for you is, how do you handle the Chrome browser in your environment; do you trust by signer? Do you set it as an Updater?

Still a bit green on the product and are learning as I go along.

Thank you,

0 Kudos
1 Reply
mcafeenewb
Level 9

Re: Application Control and Google Chrome Browser

Hi, I wanted to provide some additional information since I felt later that more detail may return better results

Event: Execution Denied

File Name: C:\Users\<user>\AppData\Local\Apps\2.0\WWKRA50P.E7R\18BWOV3.DC\goog...app_4fe91ede9fbdca3_00001.0003_7c17dc8e9f450749\clickone_bootstrap.exe

File Name: C:\Users\<user>\AppData\Local\Apps\2.0\WWKRA50P.E7R\18BWOV3.DC\goog...app_4fe91ede9fbdca3_00001.0003_7c17dc8e9f450749\GoogleUpdateSetup.exe

Process Name: CSmiley IndifferentWindows\System32\rundll32.exe

I am 99.999% certain this is legitimate execution since this is a fresh clean image (straight from OEM disk).

Would it be prefered to trust items singed by google as an installer or is that too broad?  thoughts suggestions?

0 Kudos