ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

"Browser Intrusion Prevention is not functioning correctly" warning in SEP client when Chrome extension is blocked

book

Article ID: 226741

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

"Browser Intrusion Prevention is not functioning correctly" warning in Symantec Endpoint Protection / Endpoint Security client, when the installation of SEP Chrome extension is blocked.

Cause

This may occur in SEP/SES version 14.3 RU3 or later if the SEP Chrome extension is blocked. See blocking methods described at bottom of the following KB article: Installing the Endpoint Protection Chrome Browser Extension using an Active Directory Group Policy Object

When the SEP Chrome extension is properly allowed, you should see a registry entry of the form

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    REG_SZ

        pamolibmfebkknkdmfabpjebifbffbec;https://clients2.google.com/service/update2/crx

        or


        C:\ProgramData\Symantec\Symantec Endpoint Protection\<Version>\Data\Definitions\WebExtDefs\20210809.038\updates.xml, where <Version> is the number version of SEP.  i.e. 14.3.7388.4000

Resolution

Starting with SES 14.3 RU4, you can disable IPS "Browser Intrusion Prevention" in SES client settings or SES IPS policy which will unload or prevent the installation of the SES Chrome browser extension without producing this error. Note: when re-enabling Browser Intrusion prevention, it can take some time for the extension to reload.

NOTE: The above change is only for cloud enrolled SES clients. SEP clients managed with on-premises SEPM will include this feature in version 14.3 RU5 (only the manager need be updated to RU5). Until then, disabling Browser Intrusion Prevention in SEP policy still requires the extension to be installed — it is just put into pass-through mode — and to prevent this error you must allow its installation or disable/withdraw the SEP IPS policy entirely.