Hi, I am testing Application Control in a lab in an attempt to learn more of the policies and best practices.
I started with a clean image and deployed the product; once it was enforced I let it run for a day, Windows updates etc. No issues so far.
I set the device in "Update" mode to allow for the installation of Google Chrome Browser. Once installed I put the system back into Enforce mode.
During the course of the night alerts appeared on the client UI indicating Chrome updater had attempted to execute code that was of course blocked.
So the question I have for you is, how do you handle the Chrome browser in your environment; do you trust by signer? Do you set it as an Updater?
Still a bit green on the product and am learning as I go along.
Hi, I wanted to provide some additional information since I felt later that more detail may return better results.
Event: Execution Denied
File Name: C:\Users\<user>\AppData\Local\Apps\2.0\WWKRA50P.E7R\18BWOV3.DC\goog...app_4fe91ede9fbdca3_00001.0003_7c17dc8e9f450749\clickone_bootstrap.exe
File Name: C:\Users\<user>\AppData\Local\Apps\2.0\WWKRA50P.E7R\18BWOV3.DC\goog...app_4fe91ede9fbdca3_00001.0003_7c17dc8e9f450749\GoogleUpdateSetup.exe
Process Name: C:\Windows\System32\rundll32.exe
I am 99.999% certain this is legitimate execution since this is a fresh clean image (straight from OEM disk).
Would it be preferred to trust items signed by Google as an installer or is that too broad? Thoughts, suggestions?