https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132627#M4785 <P>Same for us:</P><P>Chrome yesterday for some users, Edge today.</P><P>Id: c20e8565-81a0-5410-6177-efad27a60000<BR />Sequencenum: 1<BR />Product Family: Endpoint<BR />Event Type: Forensics Case Analysis<BR /><BR />Severity: High<BR />Description: To exclude: Open the Harmony Endpoint Management -&gt; policy -&gt; Threat Prevention -&gt; EXCLUSION CENTER -&gt; Exclusion Settings -&gt; Web and Files Protection -&gt; Threat Emulation... -&gt; + -&gt; SHA1 -&gt; paste this: d3d8253e-3bd458aa-19968b0c-312c774d-26baef79 Attack status: Cleaned.<BR />Client Name: Check Point Endpoint Security Client<BR />Product Version: 85.40.2076<BR />Installed Blades: Firewall; Application Control; Anti-Malware; VPN; Anti-Bot; Forensics; Threat Emulation<BR /><BR />Forensics Analysis: 457ab508-d779-4aa7-8720-89b8c60b407a<BR />Triggered By: Endpoint Anti-Exploit<BR />Attack Status: Cleaned<BR />Protection Name: Gen.Exploiter.ROP<BR />Protection Type: Generic<BR />Malware Action: a ROP virtual memory allocation exploit<BR />File Name: msedge.exe<BR />File MD5: fda107354688b32939d7f3e4e286c069<BR />File Type: exe<BR />File Size: 8631461295071690752<BR />File SHA-1: d3d8253e3bd458aa19968b0c312c774d26baef79<BR />File SHA-256:<BR />Confidence Level: High<BR />Policy Name: Default Forensics settings<BR />Policy Date: 2021-09-24T08:32:23Z<BR />Policy Version: 18<BR />Remediated Files: msedge.exe(Terminated before), msedge.exe(Terminated before), (Terminated before), msedge.exe(Terminated before), msedge.exe(Terminated before), msedge.exe(Terminated before), msedge.exe(Terminated before), (Terminated before)<BR />Impacted Files:<BR />Suspicious Events: Exploitation for Client Execution: msedge.exe; Drive-by Compromise: msedge.exe; User Execution: msedge.exe;<BR />Incident Details: msedge.exe(fda107354688b32939d7f3e4e286c069);<BR />General Information:<BR />Service Domain: ep-demo<BR />Action: Prevent<BR />Packet Capture: Packet Capture<BR />Type: Log<BR />Blade: Forensics<BR />Lastupdatetime: 1635250093000<BR />Lastupdateseqnum: 1<BR />Stored: true<BR />Description: To exclude: Open the Harmony Endpoint Management -&gt; policy -&gt; Threat Prevention -&gt; EXCLUSION CENTER -&gt; Exclusion Settings -&gt; Web and Files Protection -&gt; Threat Emulation... -&gt; + -&gt; SHA1 -&gt; paste this: xxxxxxxxxxxxxxxxxxxxxxxxx Attack status: Cleaned.</P> Tue, 26 Oct 2021 12:28:08 GMT Tobias_Karsbo 2021-10-26T12:28:08Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132598#M4782 <P>Hello.</P><P>I am having problems in one client because Harmony Endpoint is blocking Chrome and Edge with no special reason.</P><P>I get alert that Anti-Exploit block threat, but i dont find anything that might cause this.</P><P>&nbsp;</P><P>Endpoint version - 85.10.0575</P><P>&nbsp;</P><P>More info in attach</P><P>&nbsp;</P><P>Regards</P><P>Pedro</P><P>&nbsp;</P> Tue, 26 Oct 2021 08:17:42 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132598#M4782 PCTI 2021-10-26T08:17:42Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132626#M4784 <P>Please follow-up with TAC regarding a permanent solution, in the interim see&nbsp;<SPAN>sk154455.</SPAN></P> <P><SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154455" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154455</A></SPAN></P> Tue, 26 Oct 2021 23:53:22 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132626#M4784 Chris_Atkinson 2021-10-26T23:53:22Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132627#M4785 <P>Same for us:</P><P>Chrome yesterday for some users, Edge today.</P><P>Id: c20e8565-81a0-5410-6177-efad27a60000<BR />Sequencenum: 1<BR />Product Family: Endpoint<BR />Event Type: Forensics Case Analysis<BR /><BR />Severity: High<BR />Description: To exclude: Open the Harmony Endpoint Management -&gt; policy -&gt; Threat Prevention -&gt; EXCLUSION CENTER -&gt; Exclusion Settings -&gt; Web and Files Protection -&gt; Threat Emulation... -&gt; + -&gt; SHA1 -&gt; paste this: d3d8253e-3bd458aa-19968b0c-312c774d-26baef79 Attack status: Cleaned.<BR />Client Name: Check Point Endpoint Security Client<BR />Product Version: 85.40.2076<BR />Installed Blades: Firewall; Application Control; Anti-Malware; VPN; Anti-Bot; Forensics; Threat Emulation<BR /><BR />Forensics Analysis: 457ab508-d779-4aa7-8720-89b8c60b407a<BR />Triggered By: Endpoint Anti-Exploit<BR />Attack Status: Cleaned<BR />Protection Name: Gen.Exploiter.ROP<BR />Protection Type: Generic<BR />Malware Action: a ROP virtual memory allocation exploit<BR />File Name: msedge.exe<BR />File MD5: fda107354688b32939d7f3e4e286c069<BR />File Type: exe<BR />File Size: 8631461295071690752<BR />File SHA-1: d3d8253e3bd458aa19968b0c312c774d26baef79<BR />File SHA-256:<BR />Confidence Level: High<BR />Policy Name: Default Forensics settings<BR />Policy Date: 2021-09-24T08:32:23Z<BR />Policy Version: 18<BR />Remediated Files: msedge.exe(Terminated before), msedge.exe(Terminated before), (Terminated before), msedge.exe(Terminated before), msedge.exe(Terminated before), msedge.exe(Terminated before), msedge.exe(Terminated before), (Terminated before)<BR />Impacted Files:<BR />Suspicious Events: Exploitation for Client Execution: msedge.exe; Drive-by Compromise: msedge.exe; User Execution: msedge.exe;<BR />Incident Details: msedge.exe(fda107354688b32939d7f3e4e286c069);<BR />General Information:<BR />Service Domain: ep-demo<BR />Action: Prevent<BR />Packet Capture: Packet Capture<BR />Type: Log<BR />Blade: Forensics<BR />Lastupdatetime: 1635250093000<BR />Lastupdateseqnum: 1<BR />Stored: true<BR />Description: To exclude: Open the Harmony Endpoint Management -&gt; policy -&gt; Threat Prevention -&gt; EXCLUSION CENTER -&gt; Exclusion Settings -&gt; Web and Files Protection -&gt; Threat Emulation... -&gt; + -&gt; SHA1 -&gt; paste this: xxxxxxxxxxxxxxxxxxxxxxxxx Attack status: Cleaned.</P> Tue, 26 Oct 2021 12:28:08 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132627#M4785 Tobias_Karsbo 2021-10-26T12:28:08Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132657#M4788 <P>Where can I see that SK? Anyone else have a solution?</P> Tue, 26 Oct 2021 18:44:32 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132657#M4788 tom_allen 2021-10-26T18:44:32Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132658#M4789 <P>Nevermind, I found the SK but I would rather have a solution.&nbsp;</P> Tue, 26 Oct 2021 18:53:33 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132658#M4789 tom_allen 2021-10-26T18:53:33Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132666#M4790 <P>Same Issue with 4 endpoints, all with E85.40 version.</P><P>chrome.exe and msedge.exe affected.&nbsp;</P><P>Malware action:&nbsp;a ROP virtual memory allocation exploit</P><P>Protection Name:&nbsp;Gen.Exploiter.ROP</P> Tue, 26 Oct 2021 22:26:52 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132666#M4790 MikeB 2021-10-26T22:26:52Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132667#M4791 <P>Yes got a reply from Tech Support, know issue and the workaround is to add an exclusion.</P> Tue, 26 Oct 2021 22:30:01 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132667#M4791 tom_allen 2021-10-26T22:30:01Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132693#M4795 <P>I have updated to 85.40 with no sucess.</P> Wed, 27 Oct 2021 08:43:19 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132693#M4795 PCTI 2021-10-27T08:43:19Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132694#M4796 <P>Per above a workaround is currently required until a permanent fix is made available (E86.00).</P> <P>&nbsp;</P> Tue, 02 Nov 2021 00:02:15 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132694#M4796 Chris_Atkinson 2021-11-02T00:02:15Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132784#M4807 <P>Also have the same problem ... had to apply the workarround <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Thu, 28 Oct 2021 10:07:32 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/132784#M4807 Pedro_Marques 2021-10-28T10:07:32Z https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/133036#M4830 <P>Hi Tom,</P> <P>The fix is included in E86.00 available now from <SPAN>sk175945.</SPAN></P> Tue, 02 Nov 2021 00:01:45 GMT https://community.checkpoint.com/t5/Endpoint/AntiExploit-blocking-Chrome-and-Edge/m-p/133036#M4830 Chris_Atkinson 2021-11-02T00:01:45Z