Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 11102 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Control Browser Extensions - not being blocked?

Cache

Hi

 

I wonder if anyone can give me any advice? I've enabled Sophos Application Control and Applications themselves seem to be being blocoked without issue.

 

I've noticed however that Browser Plugins which I have chosen to be blocked by Application Control don't appear to be, yet the Antivirus is picking up the Chrome variant as a PUP.

Am I missing something extra that I need to do to enable Browser plugin blocking as the policy its self does appear to be working?

 

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hello Cache,

    so in your policy Enable on-access scanning is set, Detect but allow to run is not, and some (but not all) of the applications of type Browser plug-in are in the Blocked list?
    Which browser(s) do you use and which plug-ins should be blocked? With don't appear to be [blocked] you mean they are actually running, or you don't get the expected alert? picking up the Chrome variant as a PUP - I assume that a PUA detection has precedence over Application Control (PUA detection and Application Control might "overlap" to some extent). Do you get a specific detection or a generic?

    Christian

  • 0 in reply to QC

    Hi Christian

     

    That's right.

    I've tried in both Firefox and Chrome to block the BrowSec plugin specifically and the plugins run without being blocked. The Chrome version gets a single .js script detected as Adaware or PUA, Item details Browsec VPN Browser Plugin.

    As an experiment, I put Opera into the Application Control and installed it, after it is installed I'm unable to use it because of the Application Control Policy.

    Thanks

  • +1 in reply to Cache

    Hello Cache,

    obviously Application Control (AC) is working. Of course if your AV policy excludes the very files that AC needs to identify a certain application then you won't get the desired results - but this is not the case here as at least the .js is detected as PUA. Likely the detection needs some refinement. All you can do is to use the Contact Form to raise a ticket, supplying if possible the plugin code.

    Christian 

Reply
  • +1 in reply to Cache

    Hello Cache,

    obviously Application Control (AC) is working. Of course if your AV policy excludes the very files that AC needs to identify a certain application then you won't get the desired results - but this is not the case here as at least the .js is detected as PUA. Likely the detection needs some refinement. All you can do is to use the Contact Form to raise a ticket, supplying if possible the plugin code.

    Christian 

Children
Unfiltered HTML