How DLP Symantec Chrome extension works

Article ID: 195196

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention

Issue/Introduction

How DLP Symantec Chrome extension works

Resolution

Important parts of Chrome DLP Solution

A. Chrome extension (Chrome Webstore)

  > Captures URL of ActiveTab using Chrome API
  > Sends URL information to native messaging host

B. Broker Process (brkrprcs.exe)

  > The extension is JavaScript, so it cannot talk to the agent directly.
  > Chrome provides native messaging to enable communication between the extension and a native application (brkrprcs).

C. Chrome Connector (chrm.dll)
  
  > Captures specific user actions in the Chrome browser – File Upload, etc.
  > Passes information about the file being uploaded to EDPA

Overview of Symantec Chrome DLP Solution

A. User opens Chrome browser

  > Chrome internally launches broker process
  > Chrome also activates all the extensions including Symantec DLP

B. User navigates to a website like https://app.box.com

  > Symantec DLP Chrome extension sends the active URL to EDPA through brkrprcs

C. User tries to upload a file through Chrome Browser

  > chrm.dll identifies the user action of file upload
  > Sends the file name information to EDPA
  > EDPA performs detection
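
The extension-to-broker channel described above uses Chrome native messaging, where each message is a 4-byte length in native byte order followed by UTF-8 JSON. The following is an added example, not Symantec code, of how a native host can frame, reassemble and validate such messages; the message shape (`type`, `url`), the size cap and all function names are assumptions made for illustration.

```javascript
// Added example, not Symantec code: Chrome native messaging framing.
const LE = new Uint8Array(new Uint32Array([1]).buffer)[0] === 1; // native order
const MAX_LEN = 1024 * 1024; // assumed cap chosen for this example

// Frame one message: 4-byte length header + UTF-8 JSON body.
function encodeNativeMessage(obj) {
  const body = Buffer.from(JSON.stringify(obj), 'utf8');
  const header = Buffer.alloc(4);
  if (LE) header.writeUInt32LE(body.length, 0);
  else header.writeUInt32BE(body.length, 0);
  return Buffer.concat([header, body]);
}

// Incremental decoder: feed it stdin chunks, get complete messages back.
class NativeMessageDecoder {
  constructor() { this.buf = Buffer.alloc(0); }
  push(chunk) {
    this.buf = Buffer.concat([this.buf, chunk]);
    const out = [];
    while (this.buf.length >= 4) {
      const len = LE ? this.buf.readUInt32LE(0) : this.buf.readUInt32BE(0);
      if (len > MAX_LEN) throw new RangeError(`frame of ${len} bytes exceeds cap`);
      if (this.buf.length < 4 + len) break; // body not fully received yet
      out.push(JSON.parse(this.buf.subarray(4, 4 + len).toString('utf8')));
      this.buf = this.buf.subarray(4 + len);
    }
    return out;
  }
}

// Hypothetical message shape; forward only well-formed http(s) URLs.
function extractActiveUrl(msg) {
  if (!msg || msg.type !== 'activeTabUrl' || typeof msg.url !== 'string') return null;
  try {
    const u = new URL(msg.url);
    return (u.protocol === 'https:' || u.protocol === 'http:') ? u.href : null;
  } catch { return null; }
}

// Constructed sample: two frames arriving split across two chunks.
function demo() {
  const wire = Buffer.concat([
    encodeNativeMessage({ type: 'activeTabUrl', url: 'https://app.box.com' }),
    encodeNativeMessage({ type: 'activeTabUrl', url: 'chrome://extensions/' }),
  ]);
  const dec = new NativeMessageDecoder();
  const msgs = [...dec.push(wire.subarray(0, 7)), ...dec.push(wire.subarray(7))];
  return msgs.map(extractActiveUrl);
}
```
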

Permissions are taken care of by the Agent installation, which has to be done as an Admin or with an account that has access to local group policy and the registry, because we are installing OS-level drivers and making changes to the registry. We create the registry values listed under "Required Registries" in the tech article below.

https://knowledge.broadcom.com/external/article?legacyId=TECH233701