Question Intrusion prevention not working as expected

[Razza]

Hi, am trying to config Intrusion prevention so only Google Chrome can access the browser data C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\*, the way I've set it up is added ever Chorme exe to a sub group of trusted and on manage resources set ever other group of deny but set the sub group containing Chorme executable to allow but its not working since Kaspersky seem to be ignoring the allow and using the setting of deny for the trusted group.

Here the log entry for it .

12/07/2023 16:05:54;We applied the rule created by you to control activity of the application;Google Chrome;chrome.exe;C:\Program Files\Google\Chrome\Application;5164;DESKTOP-*****\Ryan;Initiator;Modify;Blocked;Blocked;Personal data;File access;High;;settings.dat;C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Crashpad;File;Personal data

That application is set to allow

 

[harlan4096]

Can you post also the rule of the folder, and where did You place the rule?

Anyway, I already posted in a different thread some weeks ago, that this kind of so strict rules may cause some issues. Since probably some system services also need access to that folder, so You can't BLOCK EVERYTHING IN THE SYSTEM except Chrome to access there...

 

[Razza]

Can you post also the rule of the folder, and where did You place the rule?

Anyway, I already posted in a different thread some weeks ago, that this kind of so strict rules may cause some issues. Since probably some system services also need access to that folder, so You can't BLOCK EVERYTHING IN THE SYSTEM except Chrome to access there...

The rule is placed under user files, I've edited to be less restrictive to only allow trusted, Google chrome is trusted, ever system file should also be trusted, still the same same message in the logs Today, 12/07/2023 18:24:54;We applied the rule created by you to control activity of the application;Google Chrome;.exe;C:\Program Files\Google\Chrome\Application;8792;DESKTOP-XXXX\Ryan;Initiator;Modify;Blocked;Blocked;Personal data;File access;High;;settings.dat;C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Crashpad;File;Personal data if Kaspersky was actually applying the rule i created then It should of allow chrome.exe not block it

 

[harlan4096]

Did You close Chrome before/after applied the rules? let me some time to try to reproduce/fix the possible issue...

 

[Razza]

Did You close Chrome after applied the rules? let me some time to try to reproduce/fix the possible issue...

Yes I closed it, ever did a restart.

 

[Razza]

Having trusted set to deny and allowing Google and Microsoft group works, I've might try later too see what Microsoft executables are needed I've try just explorer that not enough.

A minor annoyance the rules don't see to get updated unless I reboot the system.

 

[harlan4096]

Yeah, I was just setting the same rules here, also allowing Kaspersky files group.

But still did not reboot the system... Chrome opens, but still getting partially blocking:

 

[harlan4096]

But my rule is a bit different from yours:

 

[Razza]

I try just restricting just the folder that actual stores the profile C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\* to just chrome its did open but resulted in a profile load error adding Microsoft fixed it

I think the best am going to get is limiting it to Chrome and Microsoft that works without issue, the other option I allow each MS process one by one until I find the needed one but don't think am going to waste my time finding it , thank for trying to debug the issue @harlan4096 .