
Manual malware cleanup required: 'Google Chrome' at 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'

Hello all.

 

I have a question and I can't seem to find an answer. I am new to Sophos so forgive me if there is an answer out there for this already.

 

I have this error on multiple machines out in the field.

 

Manual malware cleanup required: 'Google Chrome' at 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'

 

I have attached a screenshot below.

 

Any help on this would be appreciated.

 

Thanks.

 

Screenshot:



  • Hello cjsmith,

     

    Intercept X, the Sophos watchdog, triggers such alerts based on process behaviour. It may be possible that the Google Chrome process "behaved" suspiciously, like accessing a program, modifying a file, trying to access a system file or suchlike. Most likely, in my experience, it's a false positive. What do you get when you click on Details? Do you get any details about the files accessed?

     

    G33k

  • Hello G33k,

     

    Thank you for taking the time to respond.

     

    Here is the message that I get and I can't seem to find where it wants me to go to take a look.

     

     

    Thanks again!

  • I am having this same exact issue. It does this for Firefox as well.

  • Hi cjsmith,

    Is this alert triggered when you stream any media? Or could you explain more on how to recreate this issue?

    Also, can you share the event viewer entry for this alert? Open the event viewer > Application Event log and check for Event ID 911 and share it here so that we can have more insight on this alert.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • You said you are new to Sophos. Does this mean you just recently installed Sophos Central on production workstations that have already been out there for a while? If so, it is possible there is an add-on or extension to Chrome that is causing the issue. I would try it on a fresh install of Chrome and see if it reoccurs. Also go to the workstation in question and look through Chrome: the history, add-ons, extensions, etc. It could be poorly written code in something someone else added to Chrome.

  • Hello.

     

    I have no idea what triggers this. I have been unable to recreate the issue myself and while I am sure something is triggering it, it seems random.

  • This is a good point that you've made. I will take a new workstation and install Chrome.

     

    Some of the most common add-ons include things like online meeting add-ins and similar. I will add one at a time and see if I can get it to trigger again.

     

    I'll keep you all up to date.

     

    Thanks for the advice!

  • Hi cjsmith,

    Can you share the details of the event ID 911 corresponding to that detection from the client machine? 

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
