How DLP Symantec Chrome extension works
Important parts of Chrome DLP Solution
A. Chrome extension (Chrome Webstore)
> Captures URL of ActiveTab using Chrome API
> Sends URL information to native messaging host
B. Broker Process (brkrprcs.exe)
> Extension is JavaScript, so it cannot directly talk to agent.
> Chrome provides Native messaging to enable communication between extension and native application (brkrprcs).
C. Chrome Connector (chrm.dll)
> Captures specific user actions on Chrome browser – File Upload, etc.
> Passes info about File being uploaded to EDPA
Overview of Symantec Chrome DLP Solution
A. User opens Chrome browser
> Chrome internally launches broker process
> Chrome also activates all the extensions including Symantec DLP
B. User navigates to a website like https://app.box.com
> Symantec DLP Chrome extension sends the active URL to EDPA through brkrprcs
C. User tries to upload a file through Chrome Browser
> Chrm.dll identifies the user action of file upload
> Sends the file name information to EDPA
> EDPA performs detection
When it comes to permissions, this is taken care of by the Agent installation which has to be done as a Admin or an account which has access to local group policy and registry because we are installing OS-level drivers and making changes to the registry. We will create the registry values --> Required Registries given from the below tech article.
https://knowledge.broadcom.com/external/article?legacyId=TECH233701