Good day everyone!
I am sure we have all seen a few of these pop up in our environments: "Safe Browsing detected browser Google Chrome has been compromised".
My question is, what steps do you take to investigate this alert? There is a rather small amount of detail in the actual alert, and I am curious what others are doing.
Hi Kyle Parrish,
Thanks for reaching out to Sophos Community, and apologies for the delay. Did you receive any other notification for Safe Browsing after the first one? I'd recommend acknowledging the alert on Sophos Central, rebooting the device, starting a full scan, and observing if you see any further detection.
Community Team Lead, Support & Services | Sophos Technical Support
Well, we have received many of these over different devices across separate tenants. Typically, that is what is done. Ack the alert, scan the device, etc. Nothing has yet come of it. Curious what exactly triggers this alert and what the best process for investigating is.
We have this internally and were advised that the best course of action when getting this alert was to create a case and submit a sample. You can also uninstall the application and manually clear the user's data.
GlennSen, are you saying submit a sample...being Google Chrome? C:\Program Files\Google\Chrome\Application\Chrome.exe?
Most probably, it wasn’t Chrome that triggered the detection. Maybe you added an extension or visited a website when this occurred?
This makes sense, but this is occurring for our customers. We are not aware when extensions are added or what websites were viewed. It would be ideal if there was some indication of what triggers this.
I understand, so this needs to be investigated on a case-by-case basis as the reason for this detection being triggered could be different every time. So for in-depth analysis, it's best to open a support ticket to get this investigated.
Okay, I will submit a ticket next time we receive one of these events.