Chrome detection fails with Network Service Sandbox Enabled

book

Article ID: 233747

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Prevent

Issue/Introduction

After installing Google Chrome 100 or manually enabling the NetworkServiceSandboxEnabled policy for Chrome, file uploads are no longer detected.

Cause

"As early as Chrome 100, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software."
See the following google support article for more information:
https://support.google.com/chrome/a/answer/7679408?hl=en

In this case the feature is available as early as Chrome 96 but must be manually enabled via GPO. 

 

Environment

15.8

 

Resolution

Hotfix version 15.8.00201.01003 allows the network sandbox feature to remain enabled while not missing out on detections.   DLP 15.7 MP3 has been tested and works fine so no action needs to be taken.

 

If you are unable to install the hotfix at this time, the sandbox feature can be manually disabled by GPO. This will prevent the feature, once in an official Chrome release, from being enabled and thus breaking detection. 

Create the following new registry DWORD value

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\

"NetworkServiceSandboxEnabled"=dword:00000000

 

Set the data to '0'

Relaunch Chrome. 

 

 

Additional Information

See the following beta materials from Google: 
https://docs.google.com/document/d/1Bk3Z8CUQucd8FP6ISKkT3Q9YYuP43574VIO_kyAISBU/view#