- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anti Exploit False Positive
Good morning,
My name is Daniele Milani and I am the Tech Sales Leader of Ermes Cyber Security, an Italian cybersecurity firm.
In order for our browser protection to operate, we need to communicate with a desktop application, and we do so through native messaging (https://developer.chrome.com/docs/extensions/mv3/nativeMessaging/).
Unfortunately, the Forticlient Anti Exploit module marks that communication as malicious on chromium-based browsers, as evidenced by the log line below.
msg="AntiExpoit has detected violation" action= ae_api=CreateProcess ae_reason="Run payload in protected process" app="C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
msg="AntiExpoit has detected violation" action= ae_api=CreateProcess ae_reason="Run payload in protected process" app=C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe
Could you kindly mark this detection as a false positive?
Thanks so much,
Daniele
- Labels:
-
FortiClient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Op sounds like a freelancer / works from home. He’s clearly not working at an office. Maybe there’s no room where he lives for a second computer or he can’t afford one at the moment. Saying him having or leaving open a program is his fault is irrelevant because it just proves his point that it scans your computer and not trying to make sure the game isn’t being tampered with. Adding to that just because you work on QA or malware research doesn’t mean you play videogames or play PC games. They probably work out of an office anyway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello! I think that this answer belong to another thread...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Was there a real response to this question?
