Endpoint Protection

 View Only

  • 1.  Blocking install of Chrome

    Posted Feb 05, 2014 11:01 AM

    has anyone figured out how to use application control to block end users from installing Chrome?  I know i could use it to block chromesetup.exe but how about when a user installs straight from the chrome website?  I have been asked to implement this and wanted to see if anyone has been successful.



  • 2.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 11:04 AM

    You can block by hash as well but the problem is each new install will require a new hash.

    What context does it install from the website? Why doesn't chromesetup.exe blocking work? Have you tried blocking chrome.exe?



  • 3.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 11:08 AM

    I haven't done that, You can try blocking the entire download URL link



  • 4.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 11:18 AM

    yeah we don't want to make a new hash rule for each version that comes out.

     

    and blocking the URL would work for the average user that goes to the chrome website, but the install is available from many URL's at this point.  

     

    Anyone know exactly how Chrome installs?  Does it lay down a EXE in the file system that we can use Application control to block and essentialy kill the application?



  • 5.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 11:23 AM

    When you download the initial setup file it always comes named "chromesetup.exe" Has blocking this not worked?

    The main executable is chrome.exe



  • 6.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 02:26 PM

    how do i block "chromesetup.exe" so it is blocked no matter if it runs from the browers, or if the user has it on their desktop, or in "downloads".  

    Question being, how do i universally block "chromesetup.exe" no matter where it runs from.



  • 7.  RE: Blocking install of Chrome
    Best Answer

    Posted Feb 05, 2014 02:46 PM
      |   view attached

    Import this ADC into your SEPM and give it a test

    in addition to chromesetup.exe, you need to block googleupdate.exe and googleupdatesetup.exe. This could break other google products you may have because updates come thru googleupdate.exe which than launches a few child processes.

    In short, it's not a cut and dry setup.



  • 8.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 03:05 PM

    Awesome Brian.  This worked and I don't believe we have any other google products in our environment so nothing should be effected.

     

    Thanks for the help. I am new to the application / device control and it's pretty cool how powerful it can be.



  • 9.  RE: Blocking install of Chrome

    Posted Feb 05, 2014 03:12 PM

    good deal, glad it works

    Oh yea, its a great feature when used properly...can be tricky some times