[Defend workflows] Endpoint Insights show Google Chrome setup and installation as an AV (antivirus). #211156

Open
sukhwindersingh-qasource opened this issue Feb 14, 2025 · 3 comments
Labels

  • bug (Fixes for quality problems that affect the customer experience)
  • impact:critical (This issue should be addressed immediately due to a critical level of impact on the product.)
  • OLM Sprint
  • Team:Defend Workflows (“EDR Workflows” sub-team of Security Solution)
  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • v9.0.0

Comments


sukhwindersingh-qasource commented Feb 14, 2025

Describe the bug:

  • Endpoint Insights show Google Chrome setup and installation as an AV (antivirus).

Build Details:
VERSION: 9.0.0-beta1 BC3
BUILD: 83575
COMMIT: a9ae718

Login Credentials

Preconditions

  • Kibana 9.0.0-beta1 should be present.
  • Endpoint Insight connector should be added.
  • Set up the VM from the GCP Cloud Console (Windows 10).
  • Install the agent on the same VM.
  • Download and install Google Chrome on the same VM.

Steps to Reproduce

  • Navigate to the Endpoints page.
  • Click on the Endpoint name.
  • Generate insights by clicking on the Scan button.
  • Observe that Endpoint Insights displays Google Chrome setup and installation as an AV (antivirus).

Actual result

  • Endpoint Insights show Google Chrome setup and installation as an AV (antivirus).

Expected Result

  • Endpoint Insights should not display Google Chrome setup and installation as an AV (antivirus).

Screen-shot

Endpoints.-.Kibana.Mozilla.Firefox.2025-02-14.11-57-38.mp4

Logs

  • N/A

AC

  • Get more accurate results for AV insights.

@sukhwindersingh-qasource added the bug, impact:critical, Team: SecuritySolution, Team:Defend Workflows and v9.0.0 labels Feb 14, 2025

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@muskangulati-qasource

Reviewed and assigned to @dasansol92
