Forum Discussion
m_krone
Jan 30, 2019
Brass Contributor
Chrome installation failed due to ExploitGuard block
Hi all, we are facing the problem that when Google Chrome is installed by Intune via the Company Portal, it gets blocked by ExploitGuard. In Intune there's an Endpoint Protection Profile with...
m_krone
Mar 22, 2019
Brass Contributor
Hi all,
I found a solution. If anyone is also interested in installing Google Chrome Enterprise with Intune as an MSI and also has Windows Defender fully activated
-------
especially ExploitGuard & CredentialGuard or at least the option in the Intune Endpoint Protection Profile >> Endpoint protection > Windows Defender Exploit Guard > Attack Surface Reduction > Flag credential stealing from the Windows local security authority subsystem = Enable
-------
Here is the Mitigation.xml which is working (working - not perfect)
Intune Endpoint Protection Profile >> Endpoint protection > Windows Defender Exploit Guard > Exploit protection
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <AppConfig Executable="GoogleUpdate.exe">
    <DEP Enable="true" EmulateAtlThunks="false" />
    <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="true" HighEntropy="true" />
    <StrictHandle Enable="false" />
    <SystemCalls DisableWin32kSystemCalls="false" />
    <ExtensionPoints DisableExtensionPoints="false" />
    <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" />
    <ControlFlowGuard Enable="true" SuppressExports="false" />
    <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" />
    <Fonts DisableNonSystemFonts="false" AuditOnly="false" Audit="false" />
    <ImageLoad BlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" />
    <Payload EnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" EnableRopStackPivot="false" EnableRopCallerCheck="false" EnableRopSimExec="false" />
    <SEHOP Enable="true" TelemetryOnly="false" />
    <Heap TerminateOnError="true" />
    <ChildProcess DisallowChildProcessCreation="false" />
  </AppConfig>
</MitigationPolicy>
If anyone knows which option allows the access to lsass.exe, please reply.
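To review an override like the one posted above before it goes into an Intune profile, this added example (not part of the original thread) parses the XML and lists, per executable, which mitigation switches are on, off, or in audit mode. The split into modifier and audit attributes is an assumption made for this example from the attribute names.

```python
import xml.etree.ElementTree as ET

# Assumption for this example (inferred from attribute names, not a schema):
# these attributes tune or audit a mitigation rather than switch it on.
MODIFIERS = {"EmulateAtlThunks", "AllowThreadsToOptOut", "AllowStoreSignedBinaries"}
AUDIT = {"Audit", "AuditOnly", "TelemetryOnly"}

# The per-app override from the post above, copied as posted.
POSTED_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
<AppConfig Executable="GoogleUpdate.exe">
<DEP Enable="true" EmulateAtlThunks="false" />
<ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="true" HighEntropy="true" />
<StrictHandle Enable="false" />
<SystemCalls DisableWin32kSystemCalls="false" />
<ExtensionPoints DisableExtensionPoints="false" />
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" />
<ControlFlowGuard Enable="true" SuppressExports="false" />
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" />
<Fonts DisableNonSystemFonts="false" AuditOnly="false" Audit="false" />
<ImageLoad BlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" />
<Payload EnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" EnableRopStackPivot="false" EnableRopCallerCheck="false" EnableRopSimExec="false" />
<SEHOP Enable="true" TelemetryOnly="false" />
<Heap TerminateOnError="true" />
<ChildProcess DisallowChildProcessCreation="false" />
</AppConfig>
</MitigationPolicy>"""

def summarize(xml_text):
    """Return {executable: {"on": [...], "off": [...], "audit": [...]}}."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    report = {}
    for app in root.iter("AppConfig"):
        buckets = {"on": [], "off": [], "audit": []}
        for mitigation in app:
            for attr, value in mitigation.attrib.items():
                name, value = f"{mitigation.tag}.{attr}", value.strip().lower()
                if value not in ("true", "false"):
                    raise ValueError(f"{name}: expected true/false, got {value!r}")
                if attr in MODIFIERS or (attr in AUDIT and value == "false"):
                    continue  # not a switch, or audit mode not requested
                key = "audit" if attr in AUDIT else ("on" if value == "true" else "off")
                buckets[key].append(name)
        report[app.get("Executable", "<unnamed>")] = buckets
    return report

if __name__ == "__main__":
    for exe, buckets in summarize(POSTED_POLICY).items():
        print(exe, {state: len(names) for state, names in buckets.items()})
        print("  off:", ", ".join(buckets["off"]) or "-")
```
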
Kazzan
Dec 13, 2019
MVP
It seems that MicrosoftEdgeUpdate has started doing the same.