Endpoint Protection

 View Only

  • 1.  SEP detecting attack from the Proxy IP address when browsing using Chrome v5 ?

    Posted Jun 24, 2011 01:36 AM

    Hi Guys,

    I don't know why some of my users complain to me everyday about the SEP client got attacked by the Proxy ? (I am using Bluecoat hardware proxy to filter all of my Internet traffic), here's the typical error message from my clients [in thiscase below it is from my laptop]:

     

    [SID: 24294] Fake App Attack: Fake AV Redirect 24 detected.
    Traffic has been blocked from this application: C:\Documents and Settings\DGomez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     
    This attack happens randomly and happens to some people. Any idea to solve this issue please ?


  • 2.  RE: SEP detecting attack from the Proxy IP address when browsing using Chrome v5 ?

    Posted Jun 24, 2011 01:51 AM

    Follow this discussion, allow the SID

    https://www-secure.symantec.com/connect/forums/sid-21596-jabber-im-clientchrome-intrusion-prevention



  • 3.  RE: SEP detecting attack from the Proxy IP address when browsing using Chrome v5 ?

    Posted Jun 24, 2011 02:09 AM

    ok, so this is a confirmed bug / false positives in SEP v11.0.4 ?



  • 4.  RE: SEP detecting attack from the Proxy IP address when browsing using Chrome v5 ?

    Posted Jun 24, 2011 02:30 AM

    Yes; its false positive hence its deteced; have you tried upgrading your chrome?

     

    https://submit.symantec.com/false_positive/



  • 5.  RE: SEP detecting attack from the Proxy IP address when browsing using Chrome v5 ?
    Best Answer

    Posted Jun 24, 2011 07:38 AM

    Since you are uuing a proxy so it wont show you the actual foreign IP address as for the client it will appear the attack is coming from your Proxy Server.