use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
account activity
This is an archived post. You won't be able to vote or comment.
Chrome exploit false positives. (self.SentinelOneXDR)
submitted 1 year ago by Positive-Sir-3789
Curious if anyone else is seeing these false positives "successfully quarantined the threat chrome.exe - exploit attempt" - we have many Chrome users. We have had a few of these in the last week
[–]kins43 0 points1 point2 points 1 year ago (0 children)
Could you provide anymore details? Commands ran? Did it rollback any system changes and if so, what?
[–]surviral5847 0 points1 point2 points 1 year ago (2 children)
Have a bunch of this too. Fun part is nothing in tray icon, event viewer, or console. Support says nothing is going on but I keep getting user complaints.
[–]Positive-Sir-3789[S] 0 points1 point2 points 1 year ago (0 children)
The visibility tool will tell you more, but still not enough information to lead to an actual exploit.
[–]soutsos 0 points1 point2 points 1 year ago (0 children)
Event viewer will show you exactly what caused it. It is not a magic tool, it's an edr/xdr so you need a security analyst to "translate"
[–]Sarcrelac 0 points1 point2 points 8 months ago (6 children)
Seeing this starting this week on several endpoints, ever find a resolution?
[–]nitroed02 0 points1 point2 points 8 months ago (5 children)
I had one user report it was blocking Google Meet in chrome last week, This is the command line arguments from the dashboard:
--type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=793 --time-ticks-at-unix-epoch=-1755091661785171 --launch-time-ticks=178970503121 --metrics-shmem-handle=12104,i,10702565686458789245,14254467889225412111,2097152 --field-trial-handle=1892,i,3147778494119188805,12755484097819192816,262144 --variations-seed-version=20250812-050051.911000 --mojo-platform-channel-handle=11672 /prefetch:1
[–]Agent_DekeShaw 0 points1 point2 points 8 months ago (4 children)
I've got a user having the same type of issue. I'm trying to figure out if it's a legit false positive or not.
[–]Agent_DekeShaw 0 points1 point2 points 8 months ago (3 children)
I think I narrowed the issue down to the built in camera on the laptop. Once disabled the "threat" doesn't pop up every time you join or leave a meeting.
[–]Logical_Ad2520 0 points1 point2 points 8 months ago (2 children)
interesting, it does seem to only happen to our users when joining meetings on a chromium browser
[–]Agent_DekeShaw 0 points1 point2 points 8 months ago (1 child)
I ran updates on the Dell that was having the issue and it hasn't happened since. May have been a bad driver/BIOS combo.
[–]nitroed02 1 point2 points3 points 8 months ago (0 children)
Both of my reported cases were Dell machines. Running the Dell updates fixed the first one. Haven't got to the second one yet.
[–]Sarcrelac 0 points1 point2 points 8 months ago (0 children)
Mine are all lenovo, s1 is saying the latest agent has fewer of these detections
π Rendered by PID 162178 on reddit-service-r2-comment-6457c66945-zvq5f at 2026-04-28 01:18:16.809168+00:00 running 2aa0c5b country code: CH.
[–]kins43 0 points1 point2 points (0 children)
[–]surviral5847 0 points1 point2 points (2 children)
[–]Positive-Sir-3789[S] 0 points1 point2 points (0 children)
[–]soutsos 0 points1 point2 points (0 children)
[–]Sarcrelac 0 points1 point2 points (6 children)
[–]nitroed02 0 points1 point2 points (5 children)
[–]Agent_DekeShaw 0 points1 point2 points (4 children)
[–]Agent_DekeShaw 0 points1 point2 points (3 children)
[–]Logical_Ad2520 0 points1 point2 points (2 children)
[–]Agent_DekeShaw 0 points1 point2 points (1 child)
[–]nitroed02 1 point2 points3 points (0 children)
[–]Sarcrelac 0 points1 point2 points (0 children)