Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 17140 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Chrome declares Sophos Anti-Virus as incompatible application

Michael Gilmour

Is anyone else having Chrome report "Sophos Anti-Virus" as an incompatible application after a crash and do Sophos have any plans to address the issue?

A good write-up of the issue can be found here:

https://www.bleepingcomputer.com/news/google/google-chrome-showing-alerts-about-incompatible-applications/

 

Thanks,

Michael



This thread was automatically locked due to age.
Parents
  • 0

    Depending on the OS and the features enabled there will be a number of modules injected into the Chrome.exe process by default.  These can be seen by using a tool such as Process Explorer.

    1. sophos_detoured_x64.dll / sophos_detoured.dll
    This DLL is a "AppInit_DLLs" for Data Control and BOPS depending on the version of SAV installed.
    https://support.microsoft.com/en-gb/help/197571/working-with-the-appinit-dlls-registry-value 

    2. hmpalert.dll 
    This DLL is injected into processes by the HMPA service for exploit mitigation.

    3. swi_filter_64.dll / swi_filter.dll and swi_ifslsp_64.dll / swi_ifslsp.dll
    If you are using Windows 7 / 2008R2 and have Web Protection or Web Control functionality enabled then a Layered Service Provider (LSP) is installed in the system.  As the LSP is referenced in the Winsock Catalog the Chrome.exe process will load this module and the associated filter dll.  This is to perform in process filtering of web traffic.
    On Windows 8.1/Windows 10, etc.. this is performed out of process so no module is loaded into Chrome.

    So what OS and the features you have enabled/installed are important here.

    Regards,
    Jak

Reply
  • 0

    Depending on the OS and the features enabled there will be a number of modules injected into the Chrome.exe process by default.  These can be seen by using a tool such as Process Explorer.

    1. sophos_detoured_x64.dll / sophos_detoured.dll
    This DLL is a "AppInit_DLLs" for Data Control and BOPS depending on the version of SAV installed.
    https://support.microsoft.com/en-gb/help/197571/working-with-the-appinit-dlls-registry-value 

    2. hmpalert.dll 
    This DLL is injected into processes by the HMPA service for exploit mitigation.

    3. swi_filter_64.dll / swi_filter.dll and swi_ifslsp_64.dll / swi_ifslsp.dll
    If you are using Windows 7 / 2008R2 and have Web Protection or Web Control functionality enabled then a Layered Service Provider (LSP) is installed in the system.  As the LSP is referenced in the Winsock Catalog the Chrome.exe process will load this module and the associated filter dll.  This is to perform in process filtering of web traffic.
    On Windows 8.1/Windows 10, etc.. this is performed out of process so no module is loaded into Chrome.

    So what OS and the features you have enabled/installed are important here.

    Regards,
    Jak

Children
No Data
Unfiltered HTML