mickel1

Level 2
I've install Smart Object Blocker from NVT but it prevents me from opening new tabs and the extension page in Google Chrome.

It shows the following message:

[6/17/2019 10:28:39 AM] Blocked Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Rule: [%PARENTPROCESS%: *\chrome.exe]
Command Line: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1664,5095605418468702548,12681468432390812615,131072 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3783095791521276296 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
Process Id: 5196
Parent Process Id: 5372
Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Does anybody know which custom exclusion rule I should add to the exclusions file of SOB?

On this moment, I use the following rule so that I can still use Google Chrome:

Exclusions > Processes >

// Rules:
[%PARENTPROCESS%: *\chrome.exe]
 

shmu26

Level 81
Verified
Trusted
Content Creator
I've install Smart Object Blocker from NVT but it prevents me from opening new tabs and the extension page in Google Chrome.

It shows the following message:



Does anybody know which custom exclusion rule I should add to the exclusions file of SOB?

On this moment, I use the following rule so that I can still use Google Chrome:

Exclusions > Processes >
Try this:
[%PROCESS%: *chrome.exe] [%PARENTPROCESS%: *chrome.exe] [%PARENTSIGNER%: Google LLC]

But I am not a SOB user, so I am really just guessing. The right place to ask these questions is on the support thread for the product: Smart Object Blocker (Block EXE, DLL, Drivers)
 
Last edited:

mickel1

Level 2
Try this:
[%PROCESS%: *chrome.exe] [%PARENTPROCESS%: *chrome.exe] [%PARENTSIGNER%: Google LLC]

But I am not a SOB user, so I am really just guessing. The right place to ask these questions is on the support thread for the product: Smart Object Blocker (Block EXE, DLL, Drivers)
Thank you for your reply.

I already sent an email to info[at]novirusthanks.org

His reply:

Hello Mickel,

Please use this exclusion rule:

[%FILESIGNER%: Google LLC] [%PARENTPROCESS%: *\chrome.exe] [%PROCESS%:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]

It is safer because it matches also the %PROCESS%.

With your rule *\chrome.exe will be able to spawn any process (dangerous).

Hope that helps.
 

mickel1

Level 2
Tell us if that solves your problem.
And how do you like SOB? Not so many people using it...
I solved the problem with the following exclusion rule:

[%FILESIGNER%: Google LLC] [%PARENTPROCESS%: *\chrome.exe]
The original rule was:

[%FILESIGNER%: Google Inc] [%PARENTPROCESS%: *\chrome.exe]
But Google changed from Google Ink to Google LLC (at least for Google Chrome).

He replied again:

Hello Mickel,

Sorry my bad, your initial rule is fine:

[%FILESIGNER%: Google LLC] [%PARENTPROCESS%: *\chrome.exe]

That way *\chrome.exe is allowed to run processes signed by Google LLC.

It is correct as you said, Google changed the signature from Google Inc
to Google LLC and that is why SOB was blocking it.