5 Replies Latest reply on Mar 28, 2017 4:23 AM by timothyb

    AMA blocking internet in Chrome

    Ralf.Sikkenga Rookie

      In our environment we upgraded AMA to version 10.1(286.0)

      The following problem arises: when we start Chrome we don't have internet access. When we stop the AppSense Application Manager Agent service on the client, we get internet access.

       

      In AMA we don't have any rules or settings applied for Chrome. When the AMA service is running and we start Chrome, we get the following error in Chrome: No internet connection available. DNS_PROBE_FINISHED_NO_INTERNET

       

      We didn't have this issue with AMA 8.9.

       

      Anyone familiar with this?

        • 1. Re: AMA blocking internet in Chrome
          jeff.lamb Rookie

          We have the exact same issue. To compare our environment, in case there is any commonality, we are running on Windows 10 x64 Enterprise - current branch for business. VPN is Palo Alto Networks Global Protect. Anti malware is Microsoft SCEP and SCCM.

           

          Interestingly, Edge and IE work fine. It seems like all our other products work well. It is only affecting Chrome. We tried adding chrome.exe to the URMHookEx exceptions with no change.

          • 2. Re: AMA blocking internet in Chrome
            paulw SupportEmployee

            When Chrome is loaded, if you run Process Explorer and review the DLLs loaded into Chrome, do you see BrowserHook.dll?

             

            If so, I would test adding Chrome to the BrowserHookEx custom setting; this will prevent the DLL loading into Chrome. Does this stop the behaviour?

            • 3. Re: AMA blocking internet in Chrome
              Ralf.Sikkenga Rookie

              We added chrome.exe for "DriverHookEx" in the custom settings and it works again in Chrome.

              Thanks for the response!

              • 4. Re: AMA blocking internet in Chrome
                timothyb SupportEmployee

                You probably don't want to use DriverHookEx on a permanent basis unless you're happy to trust the Chrome.exe process. This will prevent the AM hook from getting into the Chrome process. As a fallback if the hook isn't loaded, Chrome will still fall back to the filter driver for denying execution of process launches. So it doesn't remove all of AM functionality but the hook is a key part. There are a few exclusion settings within the Advanced Configuration option:

                 

                DriverHookEx - Prevents the hook from being loaded into a running process by the driver.

                AppHookEx - The hook is still loaded in but ANAC rules are not processed.

                UrmHookEx - The hook is still loaded but AAC and URM rules are not processed.

                ExProcessNames - Exclude the process from being monitored by the filter driver.

                BrowserHookEx - Prevents URL Redirection, web installations or elevated web functionality.

                 

                Using the above advanced settings is very useful to determine which component to investigate. Depending upon the application and environment, it may be acceptable to leave it in the exception list.

                A review through some of the incidents we've got raised at the moment shows a case with DNS_PROBE_FINISHED_NO_INTERNET. In that customer's environment Chrome had been packaged with App-V. If your environment is similar, I would suggest raising a Support incident to have it linked to this investigation.

                • 5. Re: AMA blocking internet in Chrome
                  timothyb SupportEmployee

                  The incident we have raised, where Chrome is exhibiting a similar behaviour to your question, has now been raised as a Problem for Development to investigate. The knowledge article for this is: App-V packaged Chrome.exe fails to connect to internet with Application Manager running.