Exploit Guard blocking Chrome making calls to Win32k.sys

by YaKs   Last Updated February 11, 2019 10:01 AM

I am in the process of implementing Exploit Guard in our W10 corporate image. I configured it using the GPO "Use a common set of exploit protection settings", which makes use of an XML file. Initially Chrome.exe was not included in the XML file.

I realized that when I opened Chrome, an event ID 10 appeared in
Application and Service Logs -> Microsoft -> Windows -> Security Mitigations -> Kernel mode

Process '\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe' (PID 9740) was blocked from making system calls to Win32k.sys.

I even explicitly included chrome.exe as an exception in the Program Setting list, forcing OFF in the setting "Disable Win32 system calls". To do that I just added this code to the XML file

<AppConfig Executable="chrome.exe">
   <SystemCalls DisableWin32kSystemCalls="false" />
</AppConfig>

But nothing changes, the same event ID appears. One interesting thing is that Chrome seems to work fine, no error windows or crashes.

Any idea how to solve this situation?

Many thanks.
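
One way to check the situation described above, as an added example that is not part of the original post: confirm the XML file parses, read the setting stored for chrome.exe, and list which chrome.exe processes raised event ID 10. The file path is a placeholder, and the log name is assumed to be the channel behind the Event Viewer path quoted in the post.

```powershell
# Added example. $XmlPath is a placeholder; use the file your GPO points to.
# Run from an elevated PowerShell prompt.
$XmlPath = 'C:\Path\To\ExploitProtection.xml'
$LogName = 'Microsoft-Windows-Security-Mitigations/KernelMode'

# 1. Parse the policy file. A malformed element throws a parse error here.
[xml]$policy = Get-Content -LiteralPath $XmlPath -Raw
$policy.MitigationPolicy.AppConfig |
    Where-Object { $_.Executable -eq 'chrome.exe' } |
    ForEach-Object { $_.SystemCalls.OuterXml }

# 2. Setting stored on this machine for chrome.exe (ON / OFF / NOTSET).
(Get-ProcessMitigation -Name chrome.exe).SystemCall

# 3. Recent event ID 10 entries, with the PID taken from the message text.
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 10 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue
$hits = foreach ($e in $events) {
    if ($e.Message -match "chrome\.exe' \(PID (\d+)\)") {
        [pscustomobject]@{ EventTime = $e.TimeCreated; ProcessId = [int]$Matches[1] }
    }
}

# 4. For PIDs still running, show the command line and the live setting.
foreach ($h in $hits | Sort-Object ProcessId -Unique) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($h.ProcessId)"
    # Skip processes that exited or whose PID was reused by another program.
    if (-not $proc -or $proc.Name -ne 'chrome.exe') { continue }
    [pscustomobject]@{
        ProcessId                = $h.ProcessId
        EventTime                = $h.EventTime
        CommandLine              = $proc.CommandLine
        DisableWin32kSystemCalls =
            (Get-ProcessMitigation -Id $h.ProcessId).SystemCall.DisableWin32kSystemCalls
    }
}
```

Chrome starts several chrome.exe processes, so the command line in step 4 shows which of them the event refers to.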


