npmaylesby

Google Chrome block with new Trusteer Rapport


I've live chatted to Trusteer Rapport / IBM. He says there is a known incompatibility between MBAE and TR, as I think has already just been pointed out on this forum by John L Galt.  No reasons given nor reassurance that anything will change soon. I have completed the usual post Live Chat survey to leave details of the problem with IBM. I can't be the first!


Having same problem since yesterday; no changes to computer/configuration yet cannot use Chrome.  Ran Malwarebytes, Windows Defender, cleaned up temp files and recycle bin; uninstalled and reinstalled Chrome to no avail.  Can use IE but not Chrome.  Anti-Exploit took me to Support Forum w/Chrome but kept receiving errors when trying to set up account; finally went to IE and registered with no problem.  Has me very concerned that there is, in fact, an ROP Gadget on the computer.  Filed support ticket yesterday w/no response.  This is a serious issue for me!  Any help appreciated!


Just had it with me, certainly Rapport causing it on Chrome, uninstalled Rapport and Chrome was fine. Rapport not affecting Firefox though. Reinstalled Rapport and Chrome will not open with the blocked pop-up from Anti-Exploit but maybe a different reason, so on this computer which I use for banking I will be using Firefox only until a fix is found. Also reboot made no difference.

Same message as hadleyhope.

Edited by mistertonmick


Have the exact same configurations on my laptop and have no issues with it.  Chrome will launch on desktop briefly, but as soon as I try to import bookmarks or do anything else MBAE blocks.  Rapport not the issue with mine. Still concerned that there is malware/virus on the desktop since no issue with laptop.  Have tried what I know to locate/remove ROP gadget with no luck.  Seems to be a pretty complicated security issue.


This problem showed up for me today as well.  It is only affecting Google Chrome.  It blocks somewhat randomly.  I uninstalled Chrome completely (lost all my bookmarks) and now even if Chrome will run for some functions, it won't allow me to import bookmarks from other browsers with the same blocking message shown on other posts.  I am about ready to just turn off Malwarebytes Anti-Exploit.  Tried turning off extensions, but that has not worked!


We have reproduced the problem and traced it back to a new version of Trusteer Rapport.

In the meantime as a workaround open MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> uncheck "CALL ROP gadget detection 32 & 64" for Chrome Browsers -> Apply -> Reboot

We'll post back here when we have a fix ready.


And suddenly, without doing much else than changing passwords for some sites (for this purpose at random) and re-booting, everything is into shape again.

I can offer no explanation. I'm still suspicious, but happy as well :-)

Regards Ruud

 

5 hours ago, pbust said:

We have reproduced the problem and traced it back to a new version of Trusteer Rapport.

In the meantime as a workaround open MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> uncheck "CALL ROP gadget detection 32 & 64" for Chrome Browsers -> Apply -> Reboot

We'll post back here when we have a fix ready.

Pedro, tried what you posted and rebooted, still not working on Chrome, now saying heap memory blocked.


I did the same workaround and found the same problem. The only way seems to be to stop protection or uninstall.


Tried the workaround, but it simply stopped Chrome opening.  The only difference was it didn't put a Malwarebytes splash screen explaining why it had closed it.  Removed MWBAE again.


Try the following:

 

MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> CALL ROP gadget protection (32/64) -> uncheck for Chrome -> Apply

MBAE -> Settings -> Advanced Settings -> Advanced Memory Protection -> Malicious return address detection -> uncheck for Chrome -> Apply

Reboot


So far I'm cautiously optimistic about this "work around". No further MBAE-induced crashes of Chrome on either of my PCs. Rapport still works too! ;)


My Chrome browser would not start up - stopped by MAE - as of today, and I had an upgrade of Trusteer Endpoint Protection yesterday, version 3.5.1609.47.  I attach the MAE popup that shows when I try to run Chrome.  I'm running Windows 10.  My Firefox browser works fine.  I've stopped the Trusteer Endpoint Protection service and my Chrome browser now loads and starts up.

Does anyone know how much protection Trusteer offers, over and above the common anti-virus protection software?

Would appreciate it if anyone reports back when Trusteer or MAE make changes that don't cause this conflict.  Thanks.

Malwarebytes AntiExploit notification.PNG


The 'protection' offered by Trusteer Endpoint Protection (Rapport) is not just a matter of exploit detection and prevention.

If you have Rapport running, and your online banking is compromised, it is quite likely that your bank will look more favourably on your case if you insist that you did not disclose your credentials. If you have never installed Rapport, or worse, you have disabled or removed it, it is quite likely that your bank will use that fact to weasel their way out of any liability for your loss.

It's not a technical matter, more a question of perception.

Edited by antient


Hi, @scottorn, and :welcome:

First off, are you running Rapport and using Chrome and MBAE enabled when this occurs? 

If so, have you tried the two work-around suggestions offered by Pedro?

See this for the first one:

And see this for the second one:

Finally, several users have also reported that only Chrome is being affected, meaning that users are able to use Firefox and Rapport and MBAE together without any issues, so if the above two work-around suggestions do not work for you, perhaps an alternate browser can prevent your workflow interruption until a more permanent solution is relayed from the developers.


For me, I had to do BOTH of these workarounds:

MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> CALL ROP gadget protection (32/64) -> uncheck for Chrome -> Apply

MBAE -> Settings -> Advanced Settings -> Advanced Memory Protection -> Malicious return address detection -> uncheck for Chrome -> Apply

 

I have both Chrome and Trusteer Rapport.  If I do the workarounds, Chrome works OK.

If I shutdown Trusteer first, Chrome opens OK.

Don't know what's causing the conflict, but it's definitely MBAE/Trusteer combo that interferes with Chrome opening.

 


Oops - thanks for pointing that out - the second fix contains the first one I linked to.

And Trusteer Rapport has been a known issue for a while now, as mentioned in this post: 

 


I'm having the same issue with Chrome being blocked. I uninstalled & reinstalled both and no change. Then, I unchecked the ROP exploit options in advanced settings and then Chrome was blocked for a memory issue by MBAE. I unchecked Chrome in Advanced Memory Protection and then Chrome would load normally. I'm using Win 10 on two machines. On my secondary machine, (same setup with all apps, etc.) Chrome has never been blocked by MBAE. So by unchecking the three options mentioned, Chrome seems to run fine.

MBAE MESSAGE.JPG


All of a sudden the Chrome launch is cancelled by

Google Chrome (and plug-ins)
Malicious Memory Protection
'Exploit code executing from Heap memory blocked'

What's the recommended action?


Hi, @Leonard, and :welcome:

Before we go any further, I just wanted to confirm - is this from the program Malwarebytes Anti-Malware or from the program Malwarebytes Anti-Exploit?


Tried all instructions of install on this website in every order and cannot remove C:\Program Files (x86)\Malwarebytes Anti-Exploit

 

Tried this:

In order to solve this problem please follow these steps:

 

1- Reboot Windows 10

2- Uninstall Malwarebytes Anti-Exploit from Control Panel

3- Reboot again

4- Delete the directory C:\Program Files (x86)\Malwarebytes Anti-Exploit (if it exists)

5- Delete the directory C:\ProgramData\Malwarebytes Anti-Exploit

6- Download and install Malwarebytes Anti-Exploit build 1189 from here (same installer for both Free and Premium)

 

Continue getting attached message below

Capture.PNG


Hi, @badassmofo, and :welcome:

Having read your post, I'm just verifying this:  did you try the utility from this sticky post?

 


On another entry the person talked about going into advanced setting in MBAE and turning off ROP and Advanced Memory Protection for Chrome. That seemed to solve the problem. Would like to know why this only recently started in Chrome and only Chrome. Firefox and IE work fine.
