Video Screencast Help

[SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

Created: 20 Apr 2010 | 7 comments

I am a web/application developer and have always used Chrome without an issue. I recently got a new computer at work with win7 64bit installed, and since then our Symantec (Endpoint Protection) has been throwing alerts (seemingly randomly).

This is what it's logging:

[SID: 21596] Jabber IM Client Connection detected.
Traffic has been allowed from this application: C:\Users\xxxxxx\AppData\Local\Google\Chrome\Application\chrome.exe

event type: Intrusion Prevention

I thought at first this was from opening up gmail with the chat enabled, but this same alert was logged this morning when i just opened the browser.

Any thoughts on how to fix it? I tried adding the application as an exception on my local version of SEP but that doesn't seem to have worked. I wouldn't care except that it's calling attention to me! :)

Any help is appreciated!

Comments 7 CommentsJump to latest comment

Rafeeq's picture

in your sepm
open policies
IPS policies
make the SID 21596 from Block to allow.

rima's picture

have you encountered this issue, or are you just guessing at a solution?

Vikram Kumar-SAV to SEP's picture

If you want to exclude that then you to exclude that SSID from SEPM..It might be a False Positive or it can also be BHO, or add-in Loaded to your browser which is firing up this Alarm from IPS.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

rima's picture

hi, thanks for your answer, but i didn't understand most of that :) is this something our symantec manager will have to deal with?

.Brian's picture

Yes

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

paul1732's picture

Hey just wanted to follow up with you here. I was having the same problem and fixed it by simply disabling the sync setting in Chrome. This is the setting that allows you to sync your browser settings across multiple PC's. 

chewbach's picture

I have the ooVoo client installed, but am getting a  friendly SID 21596 "Jabber IM Client Connection Detected" warning message.  It appears to be allowing the activity, but just warning me.

I'm running SEP Small Business version 12 as an unmanaged client.  Can somebody talk through what changes I need to make to eliminate this warning message?

I suspect I need to do something in Network Threat Protection > Options > Configure Firewall Rules > Add.  I just don't know where to go from there.  (My apologies, but I'm a major novice with security policies.  I just want to rid myself of the warning message.)

Thanks in advance.