This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Users cannot open Chrome - Error: 'ROP' exploit prevented in Google Chrome

Every time someone in our company tries to open Google Chrome on their PC, they get an error from Sophos that says Chrome has been closed.

In the dashboard online, I see the error "'ROP' exploit prevented in Google Chrome". I remember this being an issue with other software earlier in the year, and it required a workaround until the Trusteer Rapport was updated.

In Sophos endpoint, what is the workaround to allow people to use Chrome for now?

This thread was automatically locked due to age.

Parents

+1 jak over 8 years ago

Hi,

Does it help to go into:

https://cloud.sophos.com/manage/config/settings/exploit-mitigation-exclusions

and add an exclusion for Chrome?

I would also ensure that the computers have been restarted as, this component gets updated on restart.

Hope it helps.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel
0 Victoria Cleaton over 8 years ago in reply to jak

I really don't want to have to turn off exploit prevention in chrome for our users. I have confirmed it is trusteer endpoint causing the problem in the case of one of our customers, as disabling trusteer clears the error. Is there no way to exclude trusteer itself from exploit prevention?
Cancel
Vote Up 0 Vote Down

Cancel
0 John Orr over 8 years ago in reply to Victoria Cleaton

I also had this issue with several users and at first thought it was the Trusteer Rapport chrome extension. I found googledocs modules in Chrome extensions to be the cause. Once disabled, no more ROP errors. I'm now checking Sophos community for resolution in case other users run into this.

Hope this helps!
Cancel
Vote Up 0 Vote Down

Cancel
0 mmacwan over 6 years ago in reply to John Orr

I've started seeing this appearing now. I have disabled the Google Docs ext in Chrome so it will be interesting if this comes up again after
Cancel
Vote Up 0 Vote Down

Cancel
0 Gowtham Mani over 6 years ago in reply to mmacwan

Hi mmacwan,

It could be a false positive if the extension is a known legitimate app. If you face the issue again, please refer How to report false positives. If it is confirmed as False positive we will have the required signature changes done from our end else it would be worth investigating with our support.

Regards,

Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Gowtham Mani over 6 years ago in reply to mmacwan

Hi mmacwan,

It could be a false positive if the extension is a known legitimate app. If you face the issue again, please refer How to report false positives. If it is confirmed as False positive we will have the required signature changes done from our end else it would be worth investigating with our support.

Regards,

Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data