Endpoint Protection

 View Only

  • 1.  [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Apr 20, 2010 09:26 AM
    I am a web/application developer and have always used Chrome without an issue. I recently got a new computer at work with win7 64bit installed, and since then our Symantec (Endpoint Protection) has been throwing alerts (seemingly randomly).

    This is what it's logging:

    [SID: 21596] Jabber IM Client Connection detected.
    Traffic has been allowed from this application: C:\Users\xxxxxx\AppData\Local\Google\Chrome\Application\chrome.exe

    event type: Intrusion Prevention

    I thought at first this was from opening up gmail with the chat enabled, but this same alert was logged this morning when i just opened the browser.

    Any thoughts on how to fix it? I tried adding the application as an exception on my local version of SEP but that doesn't seem to have worked. I wouldn't care except that it's calling attention to me! :)

    Any help is appreciated!


  • 2.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Apr 20, 2010 09:54 AM
    in your sepm
    open policies
    IPS policies
    make the SID 21596 from Block to allow.


  • 3.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Apr 20, 2010 04:39 PM

    have you encountered this issue, or are you just guessing at a solution?


  • 4.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Apr 20, 2010 05:12 PM
    If you want to exclude that then you to exclude that SSID from SEPM..It might be a False Positive or it can also be BHO, or add-in Loaded to your browser which is firing up this Alarm from IPS.


  • 5.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Apr 21, 2010 09:52 AM
    hi, thanks for your answer, but i didn't understand most of that :) is this something our symantec manager will have to deal with?


  • 6.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Apr 21, 2010 09:57 AM

    Yes


  • 7.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Jul 15, 2010 02:32 AM
    Hey just wanted to follow up with you here. I was having the same problem and fixed it by simply disabling the sync setting in Chrome. This is the setting that allows you to sync your browser settings across multiple PC's. 


  • 8.  RE: [SID: 21596] - jabber IM client/Chrome - "intrusion prevention"

    Posted Oct 12, 2010 10:54 AM

    I have the ooVoo client installed, but am getting a  friendly SID 21596 "Jabber IM Client Connection Detected" warning message.  It appears to be allowing the activity, but just warning me.

    I'm running SEP Small Business version 12 as an unmanaged client.  Can somebody talk through what changes I need to make to eliminate this warning message?

    I suspect I need to do something in Network Threat Protection > Options > Configure Firewall Rules > Add.  I just don't know where to go from there.  (My apologies, but I'm a major novice with security policies.  I just want to rid myself of the warning message.)

    Thanks in advance.