I just got a HIPS alert that Google Chrome wants to access system memory.
I am puzzled by this, for two reasons:
1. Chrome is a trusted process.
2. I was not actively browsing the internet. Although I had Gmail open, it was not the active window.
I blocked it, although I am almost certain that it was not malicious.
Can anyone understand what this was all about?
Can you show the HIPS event log that indicates the access attempt? Also do you happen to have enabled use adaptive mode under low system resources in HIPS settings?
I don’t have adaptive mode enabled. Attached is a screenshot of the Chrome events.
Well, I am getting an error message from the site about uploading files, so I am attaching a link to my screenshot.
I wouldn’t worry too much about it, most likely a one-off event, unless you can reliably replicate it. Maybe Chrome was trying to access one of its own processes which was not running at the time of access and the HIPS just put System as the target.
When I allow it, it creates a HIPS rule for Chrome. If I delete the rule, then the alert repeats itself a little later in the day.
What’s listed under ‘Related alert’ in your screenshot?
Also, provide a screenshot of the (extended) info that’s listed in your HIPS alert.
Although I’m not a Google Chrome user, it doesn’t sound right as their approach was to not rely on such access rights in order to improve security. (simply said)
Perhaps something like that happens in initiation (before sandboxing) or it’s triggered by an extension or a specific flag, configuration of Google Chrome.
It could be triggered with an injected DLL, I think. You should check loaded modules. (in the sense that another application causes it)
Not sure what to say.
I am running HitmanPro.Alert, and it injects DLLs everywhere. Maybe that is it.
Anyways, I decided I am not going to worry about it. If Chrome needs an extra click to allow it to do things, let it be.
Also, I have a couple of Chrome flags enabled, one of them is appcontainer lockdown.
I am happy to see that COMODO HIPS is awake and protecting the system even for trusted processes.
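
The loaded-module check suggested earlier in the thread can be scripted. This is an added example, not part of any poster's message: it lists the DLLs loaded into running chrome.exe processes and shows those that are unsigned or not signed by Google or Microsoft. The signer-name filter is an assumption made for illustration.

```powershell
# Added example: inventory DLLs loaded into chrome.exe and group them by signer.
# Run from an elevated prompt; some sandboxed processes may still deny access.
$modules = Get-Process -Name chrome -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = $_
    try {
        $proc.Modules | ForEach-Object {
            [pscustomobject]@{ ProcessId = $proc.Id; Path = $_.FileName }
        }
    } catch {
        Write-Warning "Cannot read modules of PID $($proc.Id): $($_.Exception.Message)"
    }
} | Where-Object { $_.Path }

# Check each distinct module file once, however many processes loaded it.
$report = $modules | Group-Object -Property Path | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Name
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    } else {
        '(unsigned)'
    }
    [pscustomobject]@{
        Signer       = $signer
        Status       = $sig.Status
        ProcessCount = @($_.Group.ProcessId | Sort-Object -Unique).Count
        Path         = $_.Name
    }
}

# Assumption: signers containing "Google" or "Microsoft" are expected in chrome.exe.
# Everything else (security products, shell extensions, unsigned files) is listed for review.
$report |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Google|Microsoft' } |
    Sort-Object Signer, Path |
    Format-Table -AutoSize
```

A module from a security product that hooks processes, such as the HitmanPro.Alert DLLs mentioned above, would appear in this list under its vendor's signer name.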