1 Reply Latest reply on Jun 18, 2013 8:59 PM by mcafeenewb

    Application Control and Google Chrome Browser

    mcafeenewb

      Hi, I am testing Application Control in lab in an attempt to learn more of the policies and best practices.

       

      I started with a clean image and deployed the product; once it was enforced I let it run for a day, windows updates etc.  No issues so far.

       

      I set the device in "Update" mode to allow for the installation of Google Chrome Browser.  Once installed I put the system back into Enforce mode.

       

      During the course of the night alerts appeared on the client UI indicating Chrome updater had attempted to execute code that was ofcourse blocked.

       

       

       

      So the question I have for you is, how do you handle the Chrome browser in your environment; do you trust by signer? Do you set it as an Updater?

       

      Still a bit green on the product and are learning as I go along.

       

      Thank you,

        • 1. Re: Application Control and Google Chrome Browser
          mcafeenewb

          Hi, I wanted to provide some additional information since I felt later that more detail may return better results

           

          Event: Execution Denied

          File Name: C:\Users\<user>\AppData\Local\Apps\2.0\WWKRA50P.E7R\18BWOV3.DC\goog...app_4fe91 ede9fbdca3_00001.0003_7c17dc8e9f450749\clickone_bootstrap.exe

          File Name: C:\Users\<user>\AppData\Local\Apps\2.0\WWKRA50P.E7R\18BWOV3.DC\goog...app_4fe91 ede9fbdca3_00001.0003_7c17dc8e9f450749\GoogleUpdateSetup.exe

           

          Process Name: C:|Windows\System32\rundll32.exe

           

          I am 99.999% certain this is legitimate execution since this is a fresh clean image (straight from OEM disk).

           

          Would it be prefered to trust items singed by google as an installer or is that too broad?  thoughts suggestions?