You are here

Chrome Caused Security Alert by Employer, Cuz Writing to C: Drive. How to fix?

8 posts / 0 new
Last post
johnywhy
Offline
Last seen: 3 years 7 months ago
Joined: 2010-07-19 15:19
Chrome Caused Security Alert by Employer, Cuz Writing to C: Drive. How to fix?

I'm running Chrome Portable off external flash drive D:

It got my work computer tagged as "compromised", because it's writing to the C: drive

C:\Users\myUserName\AppData\Local\Temp\GoogleChromePortable

How to change this location?

Putting the disk-cache-dir flag into my launcher doesn't fix this behavior:

D:\Apps\GoogleChromePortable64\GoogleChromePortable.exe --disk-cache-dir=D:\Apps\GoogleChromePortable64\Cache

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 13 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
TEMP environment variable

It'll use the TEMP environment variable. You can do this at the platform level for all your apps by creating a folder called TempForPortableApps in the same directory as Start.exe (usually your flash drive's root directory).

Sometimes, the impossible can become possible, if you're awesome!

johnywhy
Offline
Last seen: 3 years 7 months ago
Joined: 2010-07-19 15:19
Does your fix require that i

Does your fix require that i have the PortableApps app installed?
i don't have Start.exe
i am only running Chrome standalone.
thx

Why not?

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 13 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Platform

I gave an example of how to do it at the PA.c Platform level easily as about 3/4 of users use the platform for management, updates, etc. And it would do it for all apps. If you're running standalone, you could do it with a .bat file. You can also set CacheInTemp=false in the INI file (copy GoogleChromePortable.ini from GoogleChromePortable\Other\Source to GoogleChromePortable and change the CacheInTemp entry). I *think* this will cause your cache to be within GoogleChromePortable\Data but check it to be sure.

Sometimes, the impossible can become possible, if you're awesome!

johnywhy
Offline
Last seen: 3 years 7 months ago
Joined: 2010-07-19 15:19
tried to use AppNee.com.P

Attempt to run Start gave: "PortableApps.com Platform: Unable to connect to Portableapps.com to retrieve portable apps. Please try again later. [invalidzipFilePossibleNoConnectionOrfirewall].

Yes, i'm behind a corporate firewall. If portable apps cannot work without admin rights, behind a corporate firewall, without failing and raising security flags from my company, then it should say so on this website. Please don't make me lose my job.

I think the whole POINT of portable apps is: work without admin rights, behind a corporate firewall. No?

Why not?

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 13 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
No

If your company has a policy against portable software, then you should not be using it.

You can setup and use the PA.c Platform at home and then bring it to work. What it was doing was either checking for updates (if you copied GoogleChromePortable into the PortableApps directory it creates) or trying to bring up the app store to let you start getting apps if there are no apps present. If you have Chrome within it, then it won't do the latter. And you can turn off checking for updates on launch within options.

Sometimes, the impossible can become possible, if you're awesome!

johnywhy
Offline
Last seen: 3 years 7 months ago
Joined: 2010-07-19 15:19
Thx, my company has no such

Thx, my company has no such policy, and i'm not asking you how i should operate within my company.

i appreciate the work of everyone who has created the portable apps.

But i think it is appropriate for portable apps to indicate if a software you're offering for download requires admin rights, a firewall exception, or writes to the C: drive. I think it's natural to expect that a portable app would NOT require those things. You didn't offer your opinion on that.

According to your answer, i would not use the portableapps app on my work computer, just google standalone. Google standalone works fine, no issues, except writing to the C: drive. i'll try your suggested solution to that issue.

Update: Your .ini fix worked. Thank you. Imo, "false" should be the default. I don't understand the logic of making "true" the default".

thx

Why not?

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 13 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Not The Purpose

The purpose of the apps is not to be used where it could get you in trouble. The majority of portable apps will write to the C drive while they are running in some fashion. Google Chrome Portable still is even with the setting you changed. It's just doing it in a way your IT dept doesn't happen to notice at the moment. It's still writing to TEMP even. The only way to make Chrome run without touching C would be to rewrite sections of it and compile it as a different app (which couldn't be called Chrome and would lose the ability to sync to Google). Unless you're running something totally within a virtual machine/sandbox and that introduces a whole set of other issues.

The platform uses the Windows networking components to connect. In most corporate locations, these have already properly been configured to work with the firewall, but not always, as is the case here.

Google Chrome Portable runs faster when storing cache to local TEMP and the majority of users aren't trying to prevent what you are, so the default is to use TEMP for cache and clear it on exit.

Also, keep in mind that your IT dept can still tell that you're running Google Chrome Portable even with the changes you made. They just happen to not be checking right now. But there's an entry for GoogleChromePortable.exe (and every other app you run) within C:\Windows\Prefetch. And you can't wipe that without admin rights. Plus there are other things and logs within Windows that every app will leave traces in.

Our apps are as clean as possible and will generally leave nothing behind on exit that we can control. They're not stealth or invisible, though. No apps are.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments