topic Re: Chrome 77 & Sandblast Agent in Endpoint

Chrome 77 & Sandblast Agent

Alex- — Sat, 21 Sep 2019 12:24:44 GMT

Since Chrome update to version 77, it's impossible to open PDF anymore when the Sandblast Agent extension is present and the user doesn't have admin rights. Clicking on a link supposed to open a PDF opens a new tab with an empty page and "About:blank" in the URL.

If a user has admin rights, it works. If the tab is open in an incognito page, it works. Using IE (no agent there), it also works. Obviously, it's out of the question to give admin rights to the full user base. This behavior was seen with E80.92 & E81.30. If I uncheck "Protect web downloads" and choose "Do not emulate web content" in the policy for Antimalware & TP, nothing changes. Workaround now is to instruct users to go Incognito or use IE for some specific business-related websites, but it's not really handy. I couldn't find specific errors in the logs.

Any idea before I make a TAC case?

Re: Chrome 77 & Sandblast Agent

Oren_Cohen — Mon, 23 Sep 2019 07:02:49 GMT

Hi Alexis,

We are aware of that issue and investigating it with our developers.

I'd suggest opening a case to TAC for monitoring.

Thanks,

Re: Chrome 77 & Sandblast Agent

Alex- — Mon, 23 Sep 2019 07:56:14 GMT

@Oren_Cohen

Thank you for sharing this information, I will open a TAC case to get informed of the availability of a fix.

Re: Chrome 77 & Sandblast Agent

Paulo_Balau — Thu, 21 May 2020 16:05:56 GMT

Hi!

Is there any fix.

I have a Doc Management it only works well on Chrome but AV does not let me to view the pdf on aside windows! It keeps downloading the file, not opening/presenting it automatically...

THX

Balau

Re: Chrome 77 & Sandblast Agent

itayhac — Thu, 28 May 2020 10:12:38 GMT

Hi,

if i understand the issue correctly, you are having trouble seeing pdf inline , and it downloads the file instead.

Due security reasons we are not supporting pdf inline view and we force the browser to download it instead.

we recomend to keep using it as it is, but if its compromises your work too much it is possible to turn off pdf files from being emulated.

again, we dont recomend it but its possible.

i hope it answered your question, in any case feel free to contact us for further information

Re: Chrome 77 & Sandblast Agent

Svenson — Thu, 02 Jul 2020 14:43:20 GMT

Hi,

I suppose that saying "Due security reasons we are not supporting pdf inline view " is the same as saying there will never be a fix?

Is it possible to make an exclusion on sitelevel in such a case? So if we do need inline PDF view on an intranet site the Sandblast agent will ignore this issue?

Kind regards,

Svenson

Re: Chrome 77 & Sandblast Agent

Gal_Carmeli — Sun, 05 Jul 2020 15:26:09 GMT

Hi,

It will not be changed. We believe this is the right behavior: we are not allowing inline-pdf tools to work in order to protect the endpoint from undesired applications to breach the scrutiny.

However, exclusions will work: if you exclude the domain that contains the PDF from Threat-emulation and file download inspection, the inline PDF reader will work.

Thanks,
Gal.