Kelly Shortridge
I was wondering why my Canarytoken (a file folder) was triggering & discovered the culprit was chrome.exe. Turns out quietly began performing AV scans on Windows devices last fall. Wtf m8? This isn’t a system dir, either, it’s in \Documents\
Kelly Shortridge Mar 29
Replying to @swagitda_
Here’s the source on the Windows device scanning: “Chrome helps you find suspicious or unwanted programs on your Windows computer.”
Logan Attwood Mar 29
might be interested in this
Xavier Ashe Mar 29
I wonder what does with the data it collects via this hidden feature....
Kelly Shortridge Mar 29
As far as I can see, it doesn’t warn you about this anywhere in Chrome Settings (including Advanced Settings). Also couldn’t find any documentation on what exactly it’s supposed to scan, just that it does. Feels like something that should be an opt-in
Ant Stanley Mar 29
So do I! That would be more disturbing than Google doing it... I think ...
Kelly Shortridge Mar 29
Replying to @IamStan @googlechrome
I’m pretty confident it’s Chrome itself, not a plug-in or script, particularly given they admit they do it. But I’ll have to test further to 100% confirm
Kelly Shortridge Mar 29
Replying to @swagitda_
I’m also now wondering if this is why my box is crashing so often 🤔 when I googled the errors before, advice was to uninstall third party AV & until now I didn’t think I had any.... ffs
blank Mar 29
Replying to @swagitda_
I wonder if they are saving and uploading the file paths 'for cloud analysis'.
buherator Mar 30
م. محمد الدوب Mar 30
No reason to think they won't be doing it anytime soon. This makes me remember how the Google Chrome security team is so publicly against AV... And now they create a hidden one in their browser. Undocumented too.
Justin Schuh 🗑 Mar 30
Replying to @swagitda_ @laparisa
Well, it targets Chrome hijacking rather than the much broader scope of general purpose AV/AM. But yeah, here's the announcement (and we're also preparing to open source the AV sandbox code).
Kelly Shortridge Mar 30
Replying to @justinschuh @laparisa
I think it’s super unclear from that announcement that non-system files (i.e. personal / professional files) will also be scanned towards that goal. I’m actually really surprised you haven’t had pushback from enterprises (if they’re aware)
Justin Schuh 🗑 Mar 30
Replying to @swagitda_ @laparisa
Just to be very clear, this is all local scans with a local signature engine—so no data from the scans should leave the system (i.e. it's absolutely not "cloud" AV). It's also a vastly narrower and less invasive scan than conventional AV/AM.
Justin Schuh 🗑 Mar 30
Replying to @swagitda_ @laparisa
I also have to double check, but I believe there's an enterprise opt-out, because this is really intended for unmanaged consumer systems (since they're the most commonly hijacked).
Kelly Shortridge Mar 30
Replying to @justinschuh @laparisa
Really appreciate you responding & explaining (though I still really wish there was a consumer opt-out, even just in advanced settings). Will this be part of what you’ll be posting publicly?
мара-яга Mar 30
That ‘unwanted software policy’ is super interesting – would love to read/hear more about how Chrome-ESET makes it go
Justin Schuh 🗑 Mar 30
Replying to @swagitda_ @laparisa
A correction: There is currently no enterprise policy to disable it (because enterprise policies have been abused in the past to hijack consumer systems) but I'm having the team investigate solutions to better address enterprise concerns.
Justin Schuh 🗑 Mar 30
Replying to @swagitda_ @laparisa
The problem with consumer opt-outs is that they're the first switch that gets toggled during a hijack—so they end up being immediately self defeating. It's just a very hard set of concerns to balance.
Adam Mar 30
you could sue. deleting files without consent is potentially criminal.