Safe Browsing detected browser Internet Explorer has been compromised

We have just installed the Intercept X client on several machines under a trial license. We are getting the following from Intercept X when IE is opened:

"Safe Browsing detected browser Internet Explorer has been compromised"

The version of IE11 is 11.09600.18499

We cannot find any information to understand what this error message actually means. Has anyone else come across this?

Is there anywhere that such error messages are documented in order to fully understand?

cheers



  • Can anyone with the issue open up the application event log and filter by the ID "911"?

    You should see a HitmanPro.Alert event. Please copy and paste this full alert and I will take a deeper look for you.

  • Here's one from a Windows 7 machine, IE 11

    http://pastebin.com/ZbDRf5pd

    Intruder

    PID          4344
    Application  C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Description  Internet Explorer 11

    Detour Report
    #  Address     Owner                    Disassembly
    -- ----------  ------------------------ ------------------------
    GdipCreateBitmapFromFile
     1 0x74515EA6  gdiplus.dll              JMP 0x74ee7ea1
     2 0x74EE7EA1  SOPHOS~1.DLL             

    GetFileVersionInfoSizeW
     1 0x74EC19D9  VERSION.dll              JMP 0x74ee457c
     2 0x74EE457C  SOPHOS~1.DLL             

    GetFileVersionInfoW
     1 0x74EC19F4  VERSION.dll              JMP 0x74ee455e
     2 0x74EE455E  SOPHOS~1.DLL             

    CreateActCtxW
     1 0x752391E7  kernel32.dll             JMP 0x74ee8f40
     2 0x74EE8F40  SOPHOS~1.DLL             

    FreeLibrary
     1 0x75233468  kernel32.dll             JMP 0x74ee953d
     2 0x74EE953D  SOPHOS~1.DLL             

    LoadLibraryExW
     1 0x752348FD  kernel32.dll             JMP 0x74ee9608
     2 0x74EE9608  SOPHOS~1.DLL             

    QueueUserWorkItem
     1 0x7524CA70  kernel32.dll             PUSH DWORD 0x70ec0022
                                            RET
     2 0x70EC0022  (anonymous; rooksdol.dll)

    ReplaceFile
     1 0x75250DFC  kernel32.dll             JMP 0x74ee8fbe
     2 0x74EE8FBE  SOPHOS~1.DLL             

    SetUnhandledExceptionFilter
     1 0x75238769  kernel32.dll             PUSH DWORD 0x71ae0022
                                            RET
     2 0x71AE0022  (anonymous; SOPHOS~1.DLL)

    SHExtractIconsW
     1 0x756D57F3  SHELL32.dll              JMP 0x74ee490d
     2 0x74EE490D  SOPHOS~1.DLL             

    connect
     1 0x761868F5  WS2_32.dll               JMP 0x719f0022
     2 0x719F0022  (anonymous; RapportGH.dll)

    getaddrinfo
     1 0x76184296  WS2_32.dll               JMP 0x70f90022
     2 0x70F90022  (anonymous; rooksdol.dll)

    GetAddrInfoExW
     1 0x7618A6DB  WS2_32.dll               JMP 0x71010022
     2 0x71010022  (anonymous; rooksdol.dll)

    sendto
     1 0x761834B5  WS2_32.dll               JMP 0x718d0022
     2 0x718D0022  (anonymous; RapportGH.dll)

    WSAConnect
     1 0x7618BCD5  WS2_32.dll               JMP 0x71990022
     2 0x71990022  (anonymous; RapportGH.dll)

    WSAConnectByList
     1 0x7619C07D  WS2_32.dll               JMP 0x71950022
     2 0x71950022  (anonymous; RapportGH.dll)

    WSAConnectByNameW
     1 0x7619C5CF  WS2_32.dll               JMP 0x71910022
     2 0x71910022  (anonymous; RapportGH.dll)

    WSAIoctl
     1 0x76182FE7  WS2_32.dll               PUSH DWORD 0x71850022
                                            RET
     2 0x71850022  (anonymous; rooksdol.dll)

    DdeInitializeW
     1 0x7638ABD1  USER32.dll               PUSH DWORD 0x71580022
                                            RET
     2 0x71580022  (anonymous; rooksdol.dll)

    GetClipboardData
     1 0x763A9FA4  USER32.dll               PUSH DWORD 0x71540022
                                            RET
     2 0x71540022  (anonymous; rooksdol.dll)

    GetMessageA
     1 0x76367BD3  USER32.dll               PUSH DWORD 0x70f40022
                                            RET
     2 0x70F40022  (anonymous; rooksdol.dll)

    GetMessageW
     1 0x763678E2  USER32.dll               PUSH DWORD 0x70f00022
                                            RET
     2 0x70F00022  (anonymous; rooksdol.dll)

    PeekMessageW
     1 0x763705D2  USER32.dll               PUSH DWORD 0x71810022
                                            RET
     2 0x71810022  (anonymous; rooksbas.dll)

    RegisterClassA
     1 0x7637541E  USER32.dll               PUSH DWORD 0x716e0022
                                            RET
     2 0x716E0022  (anonymous; rooksdol.dll)

    RegisterClassExW
     1 0x7636B185  USER32.dll               PUSH DWORD 0x71a50022
                                            RET
     2 0x71A50022  (anonymous; rooksdol.dll)

    RegisterClassW
     1 0x76368A65  USER32.dll               PUSH DWORD 0x71a20022
                                            RET
     2 0x71A20022  (anonymous; rooksdol.dll)

    TranslateMessage
     1 0x76367809  USER32.dll               PUSH DWORD 0x714e0022
                                            RET
     2 0x714E0022  (anonymous; rooksdol.dll)

    HttpAddRequestHeadersA
     1 0x767A64D0  WININET.dll              PUSH DWORD 0x714a0022
                                            RET
     2 0x714A0022  winhttp.dll              

    HttpOpenRequestA *
     1 0x76831470  WININET.dll              PUSH DWORD 0x71460022
                                            RET
     2 0x71460022  webio.dll                

    HttpOpenRequestW *
     1 0x767A5D10  WININET.dll              PUSH DWORD 0x71420022
                                            RET
     2 0x71420022  webio.dll                

    HttpSendRequestA
     1 0x7682AF60  WININET.dll              PUSH DWORD 0x713e0022
                                            RET
     2 0x713E0022  (anonymous; rooksdol.dll)

    HttpSendRequestExA
     1 0x768AA8D0  WININET.dll              PUSH DWORD 0x713a0022
                                            RET
     2 0x713A0022  (anonymous; rooksdol.dll)

    HttpSendRequestExW
     1 0x76822B30  WININET.dll              PUSH DWORD 0x71360022
                                            RET
     2 0x71360022  (anonymous; rooksdol.dll)

    HttpSendRequestW
     1 0x767A8A40  WININET.dll              PUSH DWORD 0x71320022
                                            RET
     2 0x71320022  (anonymous; rooksdol.dll)

    InternetCloseHandle
     1 0x767A1E70  WININET.dll              PUSH DWORD 0x712e0022
                                            RET
     2 0x712E0022  (anonymous; rooksdol.dll)

    InternetConnectA
     1 0x768313E0  WININET.dll              PUSH DWORD 0x712a0022
                                            RET
     2 0x712A0022  (anonymous; rooksdol.dll)

    InternetConnectW
     1 0x767A99A0  WININET.dll              PUSH DWORD 0x71260022
                                            RET
     2 0x71260022  (anonymous; rooksdol.dll)

    InternetGetCookieExA
     1 0x768AE800  WININET.dll              PUSH DWORD 0x71220022
                                            RET
     2 0x71220022  (anonymous; rooksdol.dll)

    InternetGetCookieExW
     1 0x76812010  WININET.dll              PUSH DWORD 0x711e0022
                                            RET
     2 0x711E0022  (anonymous; rooksdol.dll)

    InternetOpenA
     1 0x767BE1D0  WININET.dll              PUSH DWORD 0x711a0022
                                            RET
     2 0x711A0022  (anonymous; rooksdol.dll)

    InternetOpenW
     1 0x767BE760  WININET.dll              PUSH DWORD 0x71160022
                                            RET
     2 0x71160022  (anonymous; rooksdol.dll)

    InternetQueryDataAvailable
     1 0x767B7E30  WININET.dll              PUSH DWORD 0x71120022
                                            RET
     2 0x71120022  (anonymous; rooksdol.dll)

    InternetSetStatusCallback
     1 0x767BFD50  WININET.dll              PUSH DWORD 0x710e0022
                                            RET
     2 0x710E0022  (anonymous; rooksdol.dll)

    InternetWriteFile
     1 0x76822CB0  WININET.dll              PUSH DWORD 0x710a0022
                                            RET
     2 0x710A0022  (anonymous; rooksdol.dll)

    BitBlt
     1 0x76BA5EA5  GDI32.dll                PUSH DWORD 0x71660022
                                            RET
     2 0x71660022  (anonymous; rooksdol.dll)

    CoCreateInstanceEx
     1 0x77019CFE  ole32.dll                JMP 0x71620022
     2 0x71620022  (anonymous; rooksdol.dll)

    StgOpenStorageEx
     1 0x77046CDA  ole32.dll                JMP 0x74ed546b
     2 0x74ED546B  SOPHOS~1.DLL             

    CoInternetCombineUrlEx
     1 0x7719C9C0  urlmon.dll               PUSH DWORD 0x715e0022
                                            RET
     2 0x715E0022  (anonymous; rooksdol.dll)

    WinVerifyTrust
     1 0x773F273A  WINTRUST.dll             PUSH DWORD 0x71060022
                                            RET
     2 0x71060022  (anonymous; rooksdol.dll)

    NtMapViewOfSection
     1 0x7787FC60  ntdll.dll                JMP 0x71890022
     2 0x71890022  (anonymous; rooksdol.dll)


    Thumbprint
    5766f23574c441cd17770a583ce91d97c0c49e7e3b2588eb3d4c57d2b959c6d8

  • This looks to be a false positive with Rapport. Could you raise a case with Sophos Support so we can process this as a false positive? You should get a case reference; if you could let me know the number, I can progress this further for you.

  • We are also seeing this error and we use Trusteer Rapport to access our online banking. What was the resolution for the problem? It's aggravating to see the alerts and I am not sure if the product is actually being blocked, meaning our Accountants won't be able to access our corporate banking websites.
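
To triage a Detour Report like the one posted above, it helps to group each hooked API by the module that owns the final hop of its detour. The following is an added example, not part of the thread or of any Sophos tooling; the `KNOWN` module-to-product mapping is an assumption the analyst supplies and should verify against each DLL's path and signature on the endpoint.

```python
import re
from collections import defaultdict
# Excerpt of the Detour Report posted in this thread (trailing spaces removed).
REPORT = """\
GdipCreateBitmapFromFile
 1 0x74515EA6  gdiplus.dll              JMP 0x74ee7ea1
 2 0x74EE7EA1  SOPHOS~1.DLL
QueueUserWorkItem
 1 0x7524CA70  kernel32.dll             PUSH DWORD 0x70ec0022
                                        RET
 2 0x70EC0022  (anonymous; rooksdol.dll)
connect
 1 0x761868F5  WS2_32.dll               JMP 0x719f0022
 2 0x719F0022  (anonymous; RapportGH.dll)
HttpOpenRequestA *
 1 0x76831470  WININET.dll              PUSH DWORD 0x71460022
                                        RET
 2 0x71460022  webio.dll
"""

# Assumption: analyst-maintained mapping of hooking modules to installed products.
# Confirm each DLL's path and signature on the endpoint before trusting an entry.
KNOWN = {"sophos~1.dll": "Sophos", "rapportgh.dll": "Trusteer Rapport",
         "rooksdol.dll": "Trusteer Rapport", "rooksbas.dll": "Trusteer Rapport"}
HOP = re.compile(r"^\s*(\d+)\s+0x[0-9A-Fa-f]+\s+(.*?)\s*$")
OWNER = re.compile(r"^(?:\(anonymous;\s*([^)]+)\)|(\S+))")

def hook_targets(report):
    """Map each hooked API to the module owning the last hop of its detour."""
    targets, api = {}, None
    for line in report.splitlines():
        m = HOP.match(line)
        o = OWNER.match(m.group(2)) if m else None
        if o and api:
            # Later hops overwrite earlier ones, so the final hop wins.
            targets[api] = (o.group(1) or o.group(2)).strip()
        elif not m and line.strip() not in ("", "RET"):
            api = line.strip().rstrip("* ")  # drop the '*' marker some entries carry
    return targets

def triage(report, known=KNOWN):
    """Group hooked APIs by product; unmapped modules land under 'REVIEW: <dll>'."""
    groups = defaultdict(list)
    for api, dll in hook_targets(report).items():
        groups[known.get(dll.lower(), "REVIEW: " + dll)].append(api)
    return dict(groups)

if __name__ == "__main__":
    print(triage(REPORT))
```

Entries under a `REVIEW:` key are hooks whose destination is not attributed to a product in the mapping and are the ones to examine first.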
