Technical Tip: Browser events are not reported on Windows with the Chrome 126 update
| Description | This article describes events not reported on Windows with the Chrome 126 update. |
| Scope | FortiDLP. |
| Solution | Summary: Reveal Agent releases up to and including 11.3.2 on the Windows platform will not report browser events and detections raised from browser activity with any version of Chrome released after 11th July 2024. Web upload blocking will also stop functioning.
Impact: No browser events or detections from browser activity will be raised. Web upload blocking will stop functioning.
Root Cause: The Reveal Agent uses the signing certificate of the Browser to help identify that it is communicating with a legitimate browser. As the signing certificate for Chrome was updated for releases after 11th July, this means the Reveal Agent no longer trusts Google Chrome, and the browser extension cannot communicate with the Reveal Agent to send browser events or receive verdicts on file uploads.
Identifying potentially impacted nodes:
Workaround: A temporary solution, if required before an upgrade to 11.3.3 is possible, is to downgrade or limit the upgrade of Chrome to version 126.0.6478.127 as this is the last version where certificates will be trusted. This can be done with Group Policy by following the instructions outlined by Google here.
Solution: The 11.3.3 version of the Reveal Agent is now available to download from and via Automatic Update. Customers with Automatic Updates for Reveal Agent set to 'Latest' will pick up this release automatically.
Note: Reveal Agent release 11.3.2 and later introduces an additional process for both Windows and macOS that should be excluded from antivirus scanning to ensure interoperability: Windows: C:\Program Files\Jazz Networks\Agent\contentng.exe |
