Environment
Data Loss Prevention (DLP) Endpoint for Windows 11.10.x, 11.9.x, 11.6.x
Adobe Acrobat
Adobe Reader
Google Chrome web browser
Windows 11 21H2 or Windows 11 22H2
Adobe Acrobat
Adobe Reader
Google Chrome web browser
Windows 11 21H2 or Windows 11 22H2
Summary
NOTE: This article is viewable only by registered ServicePortal users.
Following the release of the Microsoft Windows 11 June Security Update (KB5027231 and KB5027223), we've identified an issue that causes the Chrome browser, Adobe Acrobat, and Adobe reader to be unable to run on systems already protected by DLP Endpoint.
Following the release of the Microsoft Windows 11 June Security Update (KB5027231 and KB5027223), we've identified an issue that causes the Chrome browser, Adobe Acrobat, and Adobe reader to be unable to run on systems already protected by DLP Endpoint.
Problem
Google Chrome and Adobe Acrobat or Adobe Reader won't start following installation of the Windows 11 June Security Update (KB5027231 and KB5027223) when DLP Endpoint is present on the system.
System Change
Installation of Windows 11 June Security Update.
Cause
Customers began reporting these problems following the installation of the Microsoft WIndows 11 June Security Update (KB5027231 and KB5027223).
The problem occurs for Chrome if the Chrome and Edge Web Handler checkbox is enabled in the Windows Client Configuration policy, and Google Chrome isn't the default web browser. Adobe Acrobat and Adobe Reader will be impacted if a policy that contains Application File Access Protection Rules is present on a client system and Adobe isn't the default PDF application.
The problem occurs for Chrome if the Chrome and Edge Web Handler checkbox is enabled in the Windows Client Configuration policy, and Google Chrome isn't the default web browser. Adobe Acrobat and Adobe Reader will be impacted if a policy that contains Application File Access Protection Rules is present on a client system and Adobe isn't the default PDF application.
Solution
We are working with Microsoft to find a long-term solution to the problem. Customers should reach out to Microsoft to open cases and add support to the investigation.
Workaround 1
We recommend that customers make Google Chrome the default web browser and Adobe Acrobat/Adobe Reader as the default PDF reader. Our tests have shown that doing so resolves the issue.
See Make Chrome default browser (Windows 10 and above) for more information about making Google Chrome the default browser.
See "Solution 2" in Setting the Default PDF Viewer for more information about making Adobe Acrobat or Adobe Reader the default PDF application.
See Make Chrome default browser (Windows 10 and above) for more information about making Google Chrome the default browser.
See "Solution 2" in Setting the Default PDF Viewer for more information about making Adobe Acrobat or Adobe Reader the default PDF application.
Workaround 2
Customers can uninstall the Windows 11 June Security Update (KB5027231 and KB5027223) from impacted systems.
Workaround 3
Disable the DLP Endpoint security features associated with the issue.
NOTE: Taking this action will make it possible to exfiltrate data from the organization without a means of identification or remediation of data loss.
If Chrome is impacted:
NOTE: Taking this action will make it possible to exfiltrate data from the organization without a means of identification or remediation of data loss.
If Chrome is impacted:
- In the ePolicy Orchestrator (ePO) Policy Catalog, open the DLP 11.x section and edit the Windows Client Configuration Policy.
- Deselect the Chrome and Edge Web Handler option.
- Save the policy.
- Push the policy to impacted systems.
- Log into ePO.
- Verify in the DLP Policy Manager that there are no policies for Application File Access Control applied to Adobe Acrobat or Adobe Reader. Disable any such policies found.
- In the Policy catalog, open the Windows Client Configuration policy in the DLP 11.x area.
- Navigate to the Content Tracking section.
- Add or to the list and select the boxes next to them.
- Save and apply the policy.