Chrome and Edge use built-in DNS clients that bypass Surf Protection

I have been trying to figure out why Surf Protection would work in Firefox, but not in Chrome or Edge. As an example I used a website that is flagged as a privacy risk: 

adservice.everyone.com

I noticed that Surf Protection blocked the site in Firefox.

It did not block the site in Chrome when built-in DNS client was enabled. Surf Protection did work when the built-in DNS client was disabled.

It did not block the site in Edge because it uses a built-in DNS client in the latest version of Windows 10 (1709) that does not depend on the system's DNS client because disabling it still allows Edge to resolve pages.

 

Is this something Emsisoft has been looking into? While disabling the built-in DNS client works, it comes at the cost of speed. Webpages take longer to resolve. It would be great if there was a way for EAM to catch queries of the built-in DNS clients these browsers have.


It's hard to see why a DNS client in a browser should be faster than one provided by the OS, unless (maybe) the OS one has been configured (probably via DHCP) to use a client in your router (and maybe that's not working properly).


Do a search because there are ways to disable Chrome "prefetch". I just found one and have no way to test it.

I doubt if Chrome can bypass the DNS programmed in your router or entered in the network settings.


I already have site and DNS prefetch disabled in Chrome through Group Policy. Chrome's and Edge's built-in DNS clients are asynchronous compared to the synchronous DNS that the system provides. The difference is very notable otherwise they wouldn't have implemented it. :D

Regardless, my point is that because the built-in DNS client handles queries, Surf Protection is not kicking in, while it kicks in for Firefox, which doesn't have a built-in DNS client (yet). And yes, like Bundaburra said, my adblocker blocks the URL first, but if I decide to proceed, Surf Protection blocks it. But for Chrome and Edge it goes straight to the site without warning or blocking it. And yes, I have EAM set to block sites that pose a privacy risk. I do wonder if other Chrome users are experiencing the same issue and are able to confirm.


I would believe this has to do with AppContainer (our DNS filtering works via hooks, and AppContainer prevents hooks). If you have the option in chrome://flags for AppContainer turned on, then turn it off. There's no way that I know of to turn it off for Edge, so you'll have to wait until we can fix this issue (which will hopefully be soon).

20 hours ago, GT500 said:

I would believe this has to do with AppContainer (our DNS filtering works via hooks, and AppContainer prevents hooks). If you have the option in chrome://flags for AppContainer turned on, then turn it off. There's no way that I know of to turn it off for Edge, so you'll have to wait until we can fix this issue (which will hopefully be soon).

Will your filtering be further impacted when the Chromium project (and Chrome by extension) starts blocking third-party code injection altogether?

4 hours ago, m0unds said:

Will your filtering be further impacted when the Chromium project (and Chrome by extension) starts blocking third-party code injection altogether?

AppContainer already does that, so if it works with AppContainer then it should work fine with Google Chrome once they block third-party hooks.

8 hours ago, andrey said:

Excuse me, did I understand correctly that you must disable the AppContainer function in the Chrome browser?

Only if you had previously turned it on. I don't think it's on by default (at least it didn't use to be on by default), so if you've never changed the setting then you shouldn't have to worry about it.

Feel free to test the Surf Protection by adding a custom rule to block (make sure you set it for Block and notify) a website that you know is safe (preferably one you haven't visited since you last closed your web browser), and then try to visit that website in Chrome to see if it gets blocked. If it doesn't, then try toggling the AppContainer setting to Disabled and see if that helps.

Note that you will probably have to restart Chrome before changes to the AppContainer setting will take effect.

Also, be sure to delete any custom rules you created for testing once you are done, that way you can visit those sites again if needed.

If you need a safe site to add to the custom rules for testing, then please feel free to use the following:

gt500.org

 

Screenshot of the Surf Protection settings, and what to click to get there:

image.png

Hi!

Thanks for the answer!

I have no problems with access to sites, as well as problems with blocking unreliable!

I thought it was a general, global recommendation to turn off AppContainer in Chrome.

p.s. Thanks, GT500, but of course I know how to create and edit rules.:blush:

6 hours ago, andrey said:

p.s. Thanks, GT500, but of course I know how to create and edit rules.:blush:

Of course, however others may want to try testing as well, so I wanted to add at least some information on how to do it in case someone who didn't already know wanted to try it. ;)


After testing for a few more times, disabling AppContainer now allows EAM to monitor Chrome. That's a plus. But, Surf Protection still does not work.


Have you changed any of the other settings or flags from the defaults? Do you have any security-related extensions installed? Are you using a VPN or proxy?

On 4/3/2018 at 10:42 PM, GT500 said:

Have you changed any of the other settings or flags from the defaults? Do you have any security-related extensions installed? Are you using a VPN or proxy?

Yes. Here are my flags

Fast tab/window close
Enables fast tab/window closing - runs a tab's onunload js handler independently of the GUI. Mac, Windows, Linux, Chrome OS, Android
#enable-fast-unload

Hyperlink auditing
Sends hyperlink auditing pings. Mac, Windows, Linux, Chrome OS, Android
#disable-hyperlink-auditing

Smooth Scrolling
Animate smoothly when scrolling page content. Windows, Linux, Chrome OS, Android
#smooth-scrolling

Overlay Scrollbars
Enable the experimental overlay scrollbars implementation. You must also enable threaded compositing to have the scrollbars animate. Windows, Linux, Chrome OS
#overlay-scrollbars

Experimental QUIC protocol
Enable experimental QUIC protocol support. Mac, Windows, Linux, Chrome OS, Android
#enable-quic

GPU rasterization
Use GPU to rasterize web content. Requires impl-side painting. Mac, Windows, Linux, Chrome OS, Android
#enable-gpu-rasterization

GPU rasterization MSAA sample count.
Specify the number of MSAA samples for GPU rasterization. Mac, Windows, Linux, Chrome OS, Android
#gpu-rasterization-msaa-sample-count

Scroll prediction
Predicts the finger's future position during scrolls allowing time to render the frame before the finger is there. Mac, Windows, Linux, Chrome OS
#enable-scroll-prediction

UI Layout for the browser's top chrome
Toggles between normal and touch (formerly "hybrid") layouts. Mac, Windows, Linux, Chrome OS
#top-chrome-md

Site settings with All sites and Site details
Adds new ways of viewing Site settings. Mac, Windows, Linux, Chrome OS
#enable-site-settings

Touch Events API
Force Touch Events API feature detection to always be enabled or disabled, or to be enabled when a touchscreen is detected on startup (Automatic, the default). Mac, Windows, Linux, Chrome OS
#touch-events

Manual password generation.
Show a 'Generate Password' option on the context menu for all password fields. Mac, Windows, Linux, Chrome OS, Android
#enable-manual-password-generation

Touch initiated drag and drop
Touch drag and drop can be initiated through long press on a draggable element. Windows, Chrome OS
#enable-touch-drag-drop

LCD text antialiasing
If disabled, text is rendered with grayscale antialiasing instead of LCD (subpixel) when doing accelerated compositing. Mac, Windows, Linux, Chrome OS
#lcd-text-aa

Default tile width
Specify the default tile width. Mac, Windows, Linux, Chrome OS, Android
#default-tile-width

Default tile height
Specify the default tile height. Mac, Windows, Linux, Chrome OS, Android
#default-tile-height

Simple Cache for HTTP
The Simple Cache for HTTP is a new cache. It relies on the filesystem for disk space allocation. Mac, Windows, Linux, Chrome OS
#enable-simple-cache-backend

Zero-copy rasterizer
Raster threads write directly to GPU memory associated with tiles. Mac, Windows, Linux, Chrome OS, Android
#enable-zero-copy

Number of raster threads
Specify the number of raster threads. Mac, Windows, Linux, Chrome OS, Android
#num-raster-threads

Permission Action Reporting
Enables permission action reporting to Safe Browsing servers for opted in users. Mac, Windows, Linux, Chrome OS, Android
#enable-permission-action-reporting

Permissions Blacklist
Enables the Permissions Blacklist, which blocks permissions for blacklisted sites for Safe Browsing users. Mac, Windows, Linux, Chrome OS, Android
#enable-permissions-blacklist

Extension Content Verification
This flag can be used to turn on verification that the contents of the files on disk for extensions from the webstore match what they're expected to be. This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware). Mac, Windows, Linux, Chrome OS
#extension-content-verification

User consent for extension scripts
Require user consent for an extension running a script on the page, if the extension requested permission to run on all urls. Mac, Windows, Linux, Chrome OS, Android
#extension-active-script-permission

Tab audio muting UI control
When enabled, the audio indicators in the tab strip double as tab audio mute controls. This also adds commands in the tab context menu for quickly muting multiple selected tabs. Mac, Windows, Linux, Chrome OS
#enable-tab-audio-muting

Reduce default 'referer' header granularity.
If a page hasn't set an explicit referrer policy, setting this flag will reduce the amount of information in the 'referer' header for cross-origin requests. Mac, Windows, Linux, Chrome OS, Android
#reduced-referrer-granularity

Show in-form warnings for sensitive fields when the top-level page is not HTTPS
Attaches a warning UI to any password or credit card fields detected when the top-level page is not HTTPS Mac, Windows, Linux, Chrome OS, Android
#enable-http-form-warning

Strict site isolation
Experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-site. Mac, Windows, Linux, Chrome OS, Android
#enable-site-per-process

Block scripts loaded via document.write
Disallows fetches for third-party parser-blocking scripts inserted into the main frame via document.write. Mac, Windows, Linux, Chrome OS, Android
#disallow-doc-written-script-loads

Enable offering upload of Autofilled credit cards
Enables a new option to upload credit cards to Google Payments for sync to all Chrome devices. Mac, Windows, Linux, Chrome OS, Android
#enable-autofill-credit-card-upload

Brotli Content-Encoding.
Enable Brotli Content-Encoding support. Mac, Windows, Linux, Chrome OS, Android
#enable-brotli

Automatic tab discarding
If enabled, tabs get automatically discarded from memory when the system memory is low. Discarded tabs are still visible on the tab strip and get reloaded when clicked on. Info about discarded tabs can be found at chrome://discards. Mac, Windows
#automatic-tab-discarding

Scroll Anchoring
Adjusts scroll position to prevent visible jumps when offscreen content changes. Mac, Windows, Linux, Chrome OS, Android
#enable-scroll-anchoring

Disable Audio For Desktop Share
With this flag on, desktop share picker window will not let the user choose whether to share audio. Mac, Windows, Linux, Chrome OS, Android
#disable-audio-support-for-desktop-share

Framebusting requires same-origin or a user gesture
Don't permit an iframe to navigate the top level browsing context unless they are same-origin or the iframe is processing a user gesture. Mac, Windows, Linux, Chrome OS, Android
#enable-framebusting-needs-sameorigin-or-usergesture

New audio rendering mixing strategy
Use the new audio rendering mixing strategy. Mac, Windows, Linux, Android
#new-audio-rendering-mixing-strategy

Optimize background video playback.
Disable video tracks when the video is played in the background to optimize performance. Mac, Windows, Linux, Chrome OS, Android
#disable-background-video-track

Throttle expensive background timers
Enables intervention to limit CPU usage of background timers to 1%. Mac, Windows, Linux, Chrome OS, Android
#expensive-background-timer-throttling

Custom-drawn Windows 10 Titlebar
If enabled, Chrome will draw the titlebar and caption buttons instead of deferring to Windows. Windows
#windows10-custom-titlebar

Autoplay policy
Policy used when deciding if audio or video is allowed to autoplay. Mac, Windows, Linux, Chrome OS, Android
#autoplay-policy

Parallel downloading
Enable parallel downloading to accelerate download speed. Mac, Windows, Linux, Chrome OS, Android
#enable-parallel-downloading

---------

Other than that I use uBlock Origin, HTTPS Everywhere, IDN Safe, Local CDN. Network and DNS Prediction are enabled.


I don't see anything there that could be preventing the Surf Protection from working.

I've been told that Chrome and Edge do use their own DNS services now, however I've also been told that our Surf Protection still works with Chrome. Is there any other security software on the computer? Do you have any exclusions in Emsisoft Anti-Malware?


I'm not the OP, but I didn't want to start a new thread, as this one already exists: Is this something you guys are going to be able to work around? Surf Protection still isn't working with Edge on my system (and I can reproduce the issue w/AppContainer lockdown and Chrome as well).


I will use any other browser but Edge. To me it is worse than IE. Because Firefox has trouble rendering some sites, I switched to Chrome. Google spying? I don't care as I don't have anything interesting to anyone else. Targeted ads? They are stores I would go to anyway.

There is a setting to stop the DNS in Chrome.

14 minutes ago, Ken1943 said:

I will use any other browser but Edge. To me it is worse than IE. Because Firefox has trouble rendering some sites, I switched to Chrome. Google spying? I don't care as I don't have anything interesting to anyone else. Targeted ads? They are stores I would go to anyway.

There is a setting to stop the DNS in Chrome.

That's great and all, but AppContainer lockdown still breaks EAM's Surf Protection.

7 hours ago, m0unds said:

I'm not the OP, but I didn't want to start a new thread, as this one already exists: Is this something you guys are going to be able to work around? Surf Protection still isn't working with Edge on my system (and I can reproduce the issue w/AppContainer lockdown and Chrome as well).

It is something that we've been working on for some time now. We'll have it ready as soon as we can. ;)

On 6/26/2018 at 5:26 PM, GT500 said:

It is something that we've been working on for some time now. We'll have it ready as soon as we can. ;)

Thanks for the reply; glad to hear that, hope we see it soon.
