3 Replies Latest reply on Nov 6, 2017 2:21 PM by GJHorn

    Issues with AV alerts from using Chrome

    GJHorn Specialist

      Has anyone seen Ivanti alerts (on screen and through alerting) showing issues with Chrome usage? I'm not sure Chrome is doing here.

       

      This is the alert:

      Description: Risky program C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp\1.300.12.6081_0\common\js\PartnerId.js was successfully quarantined.

      Computer name: UBM69139.ubm.net

      Severity: Informational

      Time (UTC): 11/2/2017 5:50:35 PM(UTC)

       

      This occurs many times with each user. Each time there is a different .js file. I think it is some kind of false positive. Here are some log entries.

      Filename=httpTransport.js

      Thu, 02 Nov 2017 13:04:52 GUIDFilename=d2b0685ca1a7cb51

      Thu, 02 Nov 2017 13:04:52 OriginalLocation=C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lacjhcgjigifchcapcccoippjdnkbagj\12.703.11.59623_0\shared\httpTransport.js

      Thu, 02 Nov 2017 13:04:52 Virus=not-a-virus:HEUR:AdWare.Script.Generic

      Thu, 02 Nov 2017 13:04:52 iObjStatus=3, Status=2

      Thu, 02 Nov 2017 13:04:52 #13

      Thu, 02 Nov 2017 13:04:52 Skip #13 [null params section]

      Thu, 02 Nov 2017 13:04:52 #14

      Thu, 02 Nov 2017 13:04:52 Skip #14 [null params section]

      Thu, 02 Nov 2017 13:04:52 #15

      Thu, 02 Nov 2017 13:04:52 Filename=testHttpTransport.js

      Thu, 02 Nov 2017 13:04:52 GUIDFilename=f4da0e9cf06ded23

      Thu, 02 Nov 2017 13:04:52 OriginalLocation=C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lacjhcgjigifchcapcccoippjdnkbagj\12.703.11.59623_0\shared\testHttpTransport.js

      Thu, 02 Nov 2017 13:04:52 Virus=not-a-virus:HEUR:AdWare.Script.Generic

      Thu, 02 Nov 2017 13:04:52 iObjStatus=3, Status=2

      Thu, 02 Nov 2017 13:04:52 Successfully retrieved quarantined list

      Thu, 02 Nov 2017 13:04:52 Formatting 12 quarantined objects...

      Thu, 02 Nov 2017 13:04:52 Querying for network list

      Thu, 02 Nov 2017 13:04:52 Backup

      Thu, 02 Nov 2017 13:04:52 Count=2

      Thu, 02 Nov 2017 13:04:52 #0

      Thu, 02 Nov 2017 13:04:52 Filename=PartnerId.js

      Thu, 02 Nov 2017 13:04:52 GUIDFilename=21c349b43f367f85

      Thu, 02 Nov 2017 13:04:52 OriginalLocation=C:\Users\xxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp\1.300.12.6081_0\common\js\PartnerId.js

      Thu, 02 Nov 2017 13:04:52 Virus=not-a-virus:AdWare.JS.MyWebSearch.a

      Thu, 02 Nov 2017 13:04:52 iObjStatus=9, Status=7

      Thu, 02 Nov 2017 13:04:52 #1

      Thu, 02 Nov 2017 13:04:52 Filename=PartnerId.js

      Thu, 02 Nov 2017 13:04:52 GUIDFilename=8b61eb9fb809951a

      Thu, 02 Nov 2017 13:04:52 OriginalLocation=C:\Users\xxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lacjhcgjigifchcapcccoippjdnkbagj\12.703.11.59623_0\common\js\PartnerId.js

      Thu, 02 Nov 2017 13:04:52 Virus=not-a-virus:AdWare.JS.MyWebSearch.a

      Thu, 02 Nov 2017 13:04:52 iObjStatus=9, Status=7

      Thu, 02 Nov 2017 13:04:52 Successfully retrieved quarantined list

      Thu, 02 Nov 2017 13:04:52 Formatting 2 backup objects...