"Browser Intrusion Prevention is not functioning correctly" warning in SEP/SES client when Chrome extension is blocked
search cancel

"Browser Intrusion Prevention is not functioning correctly" warning in SEP/SES client when Chrome extension is blocked

book

Article ID: 226741

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

"Browser Intrusion Prevention is not functioning correctly" warning in Symantec Endpoint Protection / Endpoint Security client, when the installation of SEP Chrome extension is blocked, or "Component is malfunctioning" under the Chrome Browser Extension column in the Disabled Clients report.

Cause

This may occur in SEP/SES version 14.3 RU3 or later if the SEP Chrome extension is blocked. See blocking methods described at bottom of the following KB article: Installing the Endpoint Protection Chrome Browser Extension using an Active Directory Group Policy Object

When the SEP Chrome extension is properly allowed, you should see a registry entry of the form

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    REG_SZ

        pamolibmfebkknkdmfabpjebifbffbec;https://clients2.google.com/service/update2/crx

        or


        C:\ProgramData\Symantec\Symantec Endpoint Protection\<Version>\Data\Definitions\WebExtDefs\20210809.038\updates.xml, where <Version> is the number version of SEP.  i.e. 14.3.7388.4000

Resolution

This message can be resolved either by enabling the Chrome Browser Extension or by disabling it via policy, which will cause the Endpoint client to remove the extension if it exists or stop trying to install it if it does not.  This requires the client software to be version 14.3 RU4 or newer.  If clients are managed by an on-premises SEPM, the SEPM must be updated to 14.3 RU5 or newer, but clients do not need to be upgraded past 14.3 RU4.

To disable the Chrome Browser Extension through policy, disable IPS "Browser Intrusion Prevention" in SES client settings or SEP IPS policy.  This will unload or prevent the installation of the SES Chrome browser extension and clear the error.  When re-enabling Browser Intrusion prevention, it can take some time for the extension to load.

If you disable Browser Intrusion Prevention in SEP Policy, you may still see a Browser Intrusion Protection is Disabled error on the client UI.  To avoid this, select the padlock icon next to the policy item to "lock" the BIPS in disabled state.