Hi @Jde ,
Thank you for the information.
Kindly raise a support case with McAfee Technical Support with all these information to perform indepth troubleshooting of this issue.
Was there ever a solution found for this issue? We've been having the same issue since the end of last year.
Also before I get a comment about it, I originally raised a ticket with support back in January and after a few months of going back and forth to try and re-create the issue and provide logs/evidence I was eventually told to go talk to Google about McAfee's DLP solution having an issue with Chrome since no one else was having this issue. Fast forward a few months to now and it appears others are also having the same issue.
I'm not really looking to open what would now be the 3rd - 4th ticket to solve this if it's just going to end there again. Just looking to see if other users have found a solution to this via support or on their own.
Hi, I just got a response from McAfee Support with the following. It might help for you as well. I have not implemented yet, but will be giving it a try shortly. I just wanted to give you guys the feedback as well, seeing as you are also having the issue.
The error means "Digital signature could not be verified".
Can you please check and update the root certificate for chrome browser on all the machines?
The DLP chrome extension is stored in the chrome web store.
You install DLP and turn on chrome handler, we tell chrome to go the extension.
Chrome downloads it.
It checks the certificate of the extension.
Chrome tries to verify the certificate by going to the issuer and verifying the root certificate.
For some reason, at your site, this isn't happening.
In order to update the McAfee root certificate please follow the KB - https://kc.mcafee.com/corporate/index?page=content&id=KB92937 and https://kc.mcafee.com/corporate/index?page=content&id=KB92948.
Kudos to Clarke, who seems to have found the answer. I downloaded and ran USERTrust_2038.bat to fix the expired cert issue on my machine this morning, and it has resolved the issue (so far).
You can confirm the expired certificates by opening certmgr and running Find for SHA1 Hash
(copy and paste that bad boy) in all certificate stores and you'll see a certificate that expired on 5/30/2020.
If you go to https://kc.mcafee.com/corporate/index?page=content&id=KB92937 you can find a couple of different ways to address the issue besides the .bat file, including downloading the cert and installing via GPO or via EPO server if you want to update all the certs across the enterprise.