Chrome getting through application control

I currently have Chrome set as blocked in my application control policy for all my users, but lately Chrome has been installed on a few PCs. I'd imagine that it was included in an update of Adobe or Java, but it should have been blocked from running. Are there other steps I can perform to ensure the blockage of Google Chrome?

thanks

--Dustin

:29113


This thread was automatically locked due to age.
  • Hi,

    I would suggest zipping up chrome.exe and sending it in to the lab:
    https://secure2.sophos.com/en-us/support/contact-support/sample-submission.aspx

    Mention that AppC is not picking it up. They can then update the detection.

    As a double check you can run (as an example, update paths as required):

    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe" -controlled "C:\Users\[yourusername]\AppData\Local\Google\Chrome\Application\chrome.exe"

    This should get picked up as:

    'AppC/Chrome-Gen'

    Regards,

    Jak

    :29123
  • I did as you suggested, however when I scan the exe it does get picked up by Sophos. Here is the output:


    Quick Scanning

    >>> Virus 'AppC/Chrome-Gen' found in file C:\Program Files\Google\Chrome\Application\chrome.exe

    1 file swept in 8 seconds.
    1 virus was discovered.
    1 file out of 1 was infected.
    Please send infected samples to Sophos for analysis.
    For advice consult www.sophos.com, email support@sophos.com
    or telephone +44 1235 559933
    Ending Sophos Anti-Virus.

    But when I double-click the exe it still runs.

    thanks

    --dustin

    :29127
  • Hi,

    In that case the detection data is good.

    If you open SAV on the endpoint and go to: Configure - Application Control (if enabled you'll have to log in to tamper protection), does it show "Application control" as enabled?

    Otherwise, if that's on I assume the computer complies with policy and the correct policy is linked to the group the computer is in?

    Also on the client you can open machine.xml (C:\ProgramData\Sophos\Sophos Anti-Virus\Config\).  It should have something like:

    <authorisationListManager>
        <authorisedAppCList policy="0"/>
        <blockedAppCList policy="0"><item>Google Chrome</item></blockedAppCList>
        <blockedAppCCategoryList policy="0"><item>34</item><item>35</item><item>42</item><item>45</item></blockedAppCCategoryList>
    </authorisationListManager>

    Regards,

    Jak

    :29133
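As an added example (not from the thread or from Sophos), the machine.xml check described in the last reply can be scripted: this Python function reports whether an application appears in the endpoint's `blockedAppCList`. The `<config>` wrapper root, the function names and the status strings are assumptions; only the element names come from the fragment quoted in the reply.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment quoted in the reply, wrapped in a
# hypothetical <config> root (the real file's root element is not shown).
SAMPLE_MACHINE_XML = """<config>
  <authorisationListManager>
    <authorisedAppCList policy="0"/>
    <blockedAppCList policy="0"><item>Google Chrome</item></blockedAppCList>
    <blockedAppCCategoryList policy="0"><item>34</item><item>35</item></blockedAppCCategoryList>
  </authorisationListManager>
</config>"""


def _local(tag):
    """Strip any '{namespace}' prefix so matching works with or without one."""
    return tag.rsplit("}", 1)[-1]


def _items(root, list_name):
    """Return <item> texts under every element named list_name, or None if absent."""
    found = [el for el in root.iter() if _local(el.tag) == list_name]
    if not found:
        return None
    return [(i.text or "").strip() for el in found for i in el if _local(i.tag) == "item"]


def check_blocked(xml_text, app_name="Google Chrome"):
    """Report whether app_name is in the endpoint's blocked application list."""
    root = ET.fromstring(xml_text)
    blocked = _items(root, "blockedAppCList")
    categories = _items(root, "blockedAppCCategoryList") or []
    if blocked is None:
        status = "no-blocked-list"   # list element absent from this file
    elif app_name.lower() in (b.lower() for b in blocked):
        status = "blocked"
    else:
        status = "not-in-list"       # list present, but the app is missing from it
    return {"status": status, "blocked_apps": blocked or [], "blocked_categories": categories}


if __name__ == "__main__":
    print(check_blocked(SAMPLE_MACHINE_XML))
    # To check a copy collected from an endpoint (path as given in the reply):
    # path = r"C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml"
    # print(check_blocked(open(path, "rb").read()))
```

A result of `no-blocked-list` or `not-in-list` on a machine where the scanner still reports 'AppC/Chrome-Gen' points at policy delivery rather than detection data, which is the distinction the reply draws.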