Oops sorry John, not sure why but I somehow missed the advice here. I'll check into this for sure and thank you.
I do get the notices of the latest posts on this thread and there's a common theme I'm seeing, which is that it's is painfully obvious that Broadcom erred in implementing this Chrome browser extension feature and at this point someone just has to accept responsibility and do something about it. The volume of posts on this topic is higher than normal for any problem with SEP that I've seen in years, and this no doubt represents a tiny fraction of actual affected parties.
Worse, the dev team is taking the classic stance of only being able to speak the language of case numbers. The problem here is that someone in leadership, at a level that supersedes dev team managers, needs to step in, recognize that forcing customers to engage with frontline tech support on issues that are, again, painfully obviously a design and implementation mishap, is perhaps the worst possible customer experience decision available here.
Someone really needs to modernize the feedback loop at Broadcom - you deserve HUGE credit for coming on here daily and dealing with all this, but what I think needs to happen is the group or organization as a whole needs to re-design the feedback process for situations like this.
This goes way beyond standard bug reports and feature requests, though I completely understand that this is all that can be recommended under the current environment.
EXtreme Ownership (Echelon Front) - whomever is in charge of this stuff should really check into that leadership principle.
As always though, thank you for the work you put in. If not for you and Adam, the ship would have sank already.
Original Message:
Sent: 08-13-2021 01:43 PM
From: John Owens
Subject: Symantec Browser Extension (f. e. Chrome)
Good Morning,
Yes. You can whitelist URLs. https://knowledge.broadcom.com/external/article/206213/url-reputation-false-positive-process.html
You can also try using Trusted Web Domain exceptions depending on what IPS detection you are getting.
Some other options that may work for you:
For domain members, you may completely remove the SEP Chrome extension or prevent its installation by disabling the force-install list in Chrome extension policy at the domain level. The block list is ineffective because the force-install list will override it and any local changes to force-install list will be reverted by SEP.
For a non-domain computer the extension mgmt choices are 1.) disable IPS "Browser Intrusion Prevention" in SEP client settings or SEPM policy (the extension will still be visible in Chrome settings but put in pass-thru) or 2.) Uninstall the SEP IPS component.
All I can think of otherwise is to edit and lockdown (deny write access to) the related registry key:
HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
This could be done locally for non-domain members or via GPO for domain
Thanks,
John Owens
Original Message:
Sent: 08-13-2021 01:29 PM
From: Colin McRae
Subject: Symantec Browser Extension (f. e. Chrome)
Yes I agree with the idea that a new feature that has significant end-user impact should have an option to be disabled.
From the get-go, this feature should have the ability to whitelist certain domains or URLs, in addition to the ability to disable the feature fully. To me that should just be obvious for the dev team to realize. Or is whitelisting URL's currently an option? I ask because I have had a few end users complain that the website(s) they visit routinely for their work get flagged by the browser extension as bad so they can't get their work done, but there is never any explanation by the Symantec product as to why. Of course the website owner is not incentivized to look into the issue, because the site works fine on Edge, and, the Symantec products gives absolutely no indication of why it flagged a URL as bad. Neither on the interface to the end-user, nor in the daily IPS email reports the admin receives.
So in effect, we have a feature that decides to block access to necessary websites in some cases, gives no explanation as to why thus the end user, the security admins, and the website owner have no idea what needs to be done to correct the issue, AND, you can't disable the feature.
I don't mean to be all criticism here but it really seems like the dev team needs to focus a bit more on the customer experience before releasing a feature that directly impacts end users.
I'm happy to be wrong on anything from the above. Maybe there's a URL whitelisting option that'll inform the Chrome extension to allow certain sites?
Original Message:
Sent: 08-13-2021 03:21 AM
From: Lars Glarbo
Subject: Symantec Browser Extension (f. e. Chrome)
Hi John
I'm part of a big organisation and we have a team managing Chrome, another managing our Secure Web Gateway plus my team managing SEP and in total 40k users depending on all 3 components working. If my team introduces the extension into Chrome, we need to do extensive coordination, testing and process changes together with our incident teams (as malicious webpages are supposed to be blocked in the proxy).
In short, we dont want to do that as the benefit would be very limited and therefore the planned 14.3 RU2 client upgrade is put on hold. Please ensure any new feature in SEP can be disabled fully or even better de-selected when exporting the client installation package.
Original Message:
Sent: 08-12-2021 10:22 AM
From: John Owens
Subject: Symantec Browser Extension (f. e. Chrome)
Good Morning Everyone,
What are the reasons you all want to remove the Chrome Extension? You will lose Broswer IPS protection for users using Chrome which will put you in a less secure state. In previous version Chrome did not support Browser Protection. 14.3 RU2 added it with the Chrome Extension. If you could provide some reasons it would be helpful.
Thanks,
John Owens
------------------------------
John Owens
Original Message:
Sent: 08-10-2021 04:42 AM
From: siva guthula
Subject: Symantec Browser Extension (f. e. Chrome)
Hi Team,
We cant disable the Symantec extension bcz its grade out in Chrome.
Best Regards,
Siva
M.Tech Broadcom Aggregation Technical Support.
Original Message:
Sent: 08-09-2021 12:48 AM
From: siva guthula
Subject: Symantec Browser Extension (f. e. Chrome)
1. In the SEPM console, click on Policies > Intrusion Prevention.
Selected the active Intrusion Prevention policy and click Edit policy (or double-click on the policy).
2. Selected Intrusion Prevention and check the "" Log detections but do not block" and click on OK.
3. Assigned the policy to test system and check
Original Message:
Sent: 06-23-2021 05:22 AM
From: Markus Möller
Subject: Symantec Browser Extension (f. e. Chrome)
Hi all,
is it possible to disable or uninstall the Symantec extension for the browser, like Chrome?
Unfortunately I have not found a suitable setting in SEPM.
Thanks in advance