Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 3211 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Chrome and Firefox being detected s HIPS/ProcInj-001??

hex

Hello, we are currently evaluating Sophos control center (Version 9.5).  I have noticed that on my PC (Windows 7 32bit) everytime i launch Google Chrome, and about half the times i launch firefox, i keep getting the following notification: 

HIPS/ProcInj-001  and it points to the chrome or firefox.exe file.  This does not happen with IE8 Safari, or Opera.  The PC is in a group with all the default settings.  no NAC, data security or anything has been configured.  I have tried authorizing it but it still pops up.   Any ideas?

:5168


This thread was automatically locked due to age.
Parents
  • 0

    [Remark: any ideas why firefox.exe is under ProgramData? I've found a few references but no explanation.]

    About authorization:

    If you authorize using SEC you change the policy and subsequently local authorizations will be overwritten. Anyway if you hover the mouse over an entry in the Authorization Manager you'll see additional information about the file:

    If the executables do not change (and I think they should not) you will see only one checksum for each. Authorizing (do it locally) moves them to the right column (as in the image). If when starting e.g. Firefox you receive another alert you should see a new entry in the left column - of course with a different checksum.

    Could you try it once more and describe what you see?

    Christian

    :5201
Reply
  • 0

    [Remark: any ideas why firefox.exe is under ProgramData? I've found a few references but no explanation.]

    About authorization:

    If you authorize using SEC you change the policy and subsequently local authorizations will be overwritten. Anyway if you hover the mouse over an entry in the Authorization Manager you'll see additional information about the file:

    If the executables do not change (and I think they should not) you will see only one checksum for each. Authorizing (do it locally) moves them to the right column (as in the image). If when starting e.g. Firefox you receive another alert you should see a new entry in the left column - of course with a different checksum.

    Could you try it once more and describe what you see?

    Christian

    :5201
Children
No Data
Unfiltered HTML