Jump to content

Google Chrome block with new Trusteer Rapport

npmaylesby

By npmaylesby
in Anti-Exploit Beta

 Share

Recommended Posts

  • Replies 283
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

yardbird

yardbird

Posted
Posted

       @Richardlrwin

          

Try the following:

 

MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> CALL ROP gadget protection (32/64) -> uncheck for Chrome -> Apply

 

MBAE -> Settings -> Advanced Settings -> Advanced Memory Protection -> Malicious return address detection -> uncheck for Chrome -> Apply

 

Reboot

Post back & let us know please.

Link to post
Share on other sites
  • Staff
pbust

pbust

Posted
  • Staff
Posted

(merged a few threads together with this one)

Even though this is a bug on Trusteer's product (and likely will conflict with other products that perform API hooking, not just MBAE), we are creating a fix on our end.

We will release soon. I will post it here for all of you to test.

In the meantime the safer workaround is to disable both ROP and Malicious Return Address techniques under Advanced Settings.

Interestingly it is not always necessary to turn both off. Sometimes only turning off ROP is enough. And sometimes an update to Chrome and reboot (without turning off any MBAE techniques) is sufficient. But it varies between configurations. So the safest is to turn off ROP only and if it continues conflicting, then turn off Malicious Return Address detection.

 

 

Link to post
Share on other sites
RichardIrwin

RichardIrwin

Posted
Posted

Tried the MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> CALL ROP gadget protection (32/64) -> uncheck for Chrome -> Apply  from earlier posts and it made no difference. However, I experimented with Shields Remove Shield for Chrome. Chrome worked. Closed Chrome down and reactivated the Shield and it still works.  I do not have Trusteer's product, only Malwarebytes and Defender.

Richard

Link to post
Share on other sites
JHall

JHall

Posted
Posted

I ran into this Chrome/MBAE/Rapport problem (under Windows 7 32-bit) today. I tried the suggested temporary workaround of adjusting MBAE's Advanced Settings and rebooting, which worked. Then I went to Trusteer's own site, to see if there was anything about the problem there. There wasn't that I could see, but it did say that the latest version of Rapport now worked with Chrome v49 and provided a link to click on to upgrade Rapport. I thought that it couldn't hurt to try that. Having updated Rapport, I restored the MBAE settings to their previous values and rebooted. This seemed to work. (Fingers crossed.) So it might be worth other people trying that. Rapport seems unusual, in that it doesn't seem to update itself automatically, or if it does then it's not very timely.

Link to post
Share on other sites
FCA711

FCA711

Posted
Posted
38 minutes ago, mistertonmick said:

just to add to my above post it was only the advanced memory protection that caused the stopping of chrome,CALL ROP is working OK.

Me too.  I updated Chrome manually and verified the latest Trusteer was on there.  Still crashed, but after removing just the Advanced Memory Protection setting for Chrome, now all is good again.  The CALL ROP is activated.  So, we're making progress I think.

 

Link to post
Share on other sites
Morrile

Morrile

Posted
Posted

Hello,

I had the same problem with Chrome and Anti-exploit yet now I don't. What I did was uninstall Chrome then using regedit (you need to know what you are doing with this app) and removed everything related to Google and Chrome, rebooted and reinstalled a fresh Chrome, but that did not resolve the problem. So I put all the essential plugin back in, Trusteer Rapport, 1Password, Ghostery and then did an update to Adobe Flash (you should all know about the recent exploit with flash) and now it all works as it should.

I suspect that something has tried to get into our systems and failed because we all have Malwarebytes installed, yet it's left some changes to flash within Google Chrome and that's caused many of us to experience a problem with Anti-exploit.

I hope this helps you to resolve your issues with Chrome and Anti-exploit :D

Morrile

Link to post
Share on other sites
Morrile

Morrile

Posted
Posted

Hello,

The solution to Google Chrome and Anti-Exploit is to update your Adobe Flash Player. I have done this to 4 home PC and a couple of friends overseas and it works.

Kind regards,

Morrile

Link to post
Share on other sites
ukpixel

ukpixel

Posted
Posted

I've carried out the two fixes but to no avail.  (And the suggestion that updating Flash Player works? - it doesn't for me) Have to continue with Firefox as now I have no access at all to Chrome.  (In a previous post I'd only lost access to 'settings'

Link to post
Share on other sites
JANW

JANW

Posted
Posted

I have updated Chrome to the latest version - 49.0.2623.112m

Kaspersky is up to date

Trusteer is up to date

I do not have Adobe flash installed on my PC

MBAE all settings returned to normal

 

AND Chrome is now working - so fingers crossed it stays like it

Link to post
Share on other sites
hake

hake

Posted
Posted

I have experienced a similar difficulty with Windows 8.1 (64-bit), Google Chrome (x86) version 49.0.2623.112 m and Trusteer Rapport. MBAE default settings were in use.  The puzzling thing is that Google Chrome works fine as a browser but when I use the Chrome Settings facility to delete browser data, MBAE shows an alert re: 'ROP exploit gadget attack blocked'.  If I disable CALL ROP gadget detection, I still get a similar alert for Malicious Return Address detection.  Disabling CALL ROP Gadget detection and Malicious Return Address detection for Google Chrome eliminates the behaviour.

An identical setup of Google Chrome and Trusteer Rapport on Windows 7 (64-bit) Home Premium does not exhibit the behaviour in the same circumstances.

This issue does not stop Google Chrome being usable.  I report it in case the circumstances might inform those who are investigating this.





 






 

Link to post
Share on other sites
Gex

Gex

Posted
Posted

Seem to have got round the problem on my PC.

De-installed Chrome and Flash Player.

Went to Settings >> Advanced Settings in MWAE and unclicked DEP Enforcement for Chrome Browsers

Deactivated Shield in MWAE for Google Chrome (under Shields tab)

Reinstalled Chrome and Flash Player

Reactivated Shield for Google Chrome in MWAE

Re-checked DEP Enforcement for Chrome in MWAE

All seems to be working OK now.

Link to post
Share on other sites
Bramble

Bramble

Posted
Posted

Hi,

I can't access Chrome at all, either. Tried to follow the suggestions above, but apparently Flash is embedded in Win8.1, so I can't uninstall it. I got a message saying to get up-to date version of IE to make sure Flash is up  to date - it turns out I have the latest version already. 

I'll try to uninstall  and reinstall Chrome to see whether that helps.

Link to post
Share on other sites
Millie56

Millie56

Posted
Posted

I have similar problem with the Anti-Exploit Free version + Chrome. I am able to open and use Chrome OK but it's only when I open the 'History' and then click on the 'Clear browsing data' button that the browser closes down and I get the Anti-Exploit warning notice. I have just gone back to using Firefox which I am equally happy with.

Link to post
Share on other sites
Welshman

Welshman

Posted
Posted

Hello .. my OS is Windows 7. Google Chrome updated today to 49.0.2623.112 (was 110) / Malware Bytes Anti Exploit 1.08.1.1189 / Anti Malware 2.2.1.1043.

I have been using the software without problems prior to this. Looking at the forum I am not alone.

The same problem as already reported using Google Chrome. This started a few days ago. Sometimes it works okay and others will block immediately.

It is becoming annoying as I loose all the open tabs. To overcome the problem I have 'stopped' the Anti-Expoit.

I am running Ashampoo Anti Virus / Webroot Secure Anywhere / IBM Rapport .. all have worked in harmony for quite a long time.

Hope this issue can be resolved.

I also have reminders from Microsoft to upgrade to Win 10 .. that is unlikely to happen on this notebook.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.