get_document
Access authoritative technical documentation for Chrome Enterprise Premium by fetching full text of knowledge base articles using filenames or article IDs.
Instructions
Retrieves the full text of one or more knowledge base documents. Pass filename as a single value or an array (bundle). Each entry may be a filename string (e.g. "4-dlp-core-features") or a numeric articleId from a Markdown cross-link. Use the array form to load related articles in a single call.
Knowledge Index
This index is for locating relevant documentation by topic. Document summaries are not a source of truth; for authoritative technical details, exact roles, or procedures, the agent retrieves the content in real-time via 'get_document'.
Filename | Topics Covered | Source |
---|---|---|
01-cep-overview | Comprehensive introduction to Chrome Enterprise Premium (CEP). Helps with product evaluation and implementation. Walks through the 5-step checklist: setting up Chrome management, configuring connector policies, verifying the CEP service, setting up DLP rules, and configuring activity alerts. Covers trial terms (60 days, 5,000 users) and manual license assignment. Keywords: $6/user price, trial terms, Licensing, 5-step checklist, manual license assignment, Workspace service settings. | Remote |
02-chrome-deployment-guide | Comprehensive browser deployment and enrollment guide. Use this to perform large-scale MSI/PKG installation via MDM and configure cloud management. Covers how to: deploy the Chrome Enterprise bundle, apply policy templates, use Cloud management enrollment tokens, force-install Endpoint Verification, and perform the two-step unenrollment process. | Remote |
03-ev-troubleshooting | Endpoint Verification (EV) troubleshooting and privacy guide. Helps resolve device posture sync errors and access denial issues. Covers how to: fix OS-level sync failures by investigating Native Helper status, EDR/Antivirus blocks, and firewalls; resolve OS update delays via manual "Sync Now"; and understand privacy boundaries (no browsing history collected). Keywords: Failed to sync, Native messaging host, manual sync, privacy statement, BYOD security. | Remote |
04-dlp-core-features | Guide for configuring DLP triggers (Paste, Print, Upload), screen capture protection, and Enterprise Cache Encryption. Helps protect sensitive data from accidental leaks or exfiltration. Covers how to: enable screenshot blocking on sensitive URLs, manage file scan latency via DelayDeliveryUntilVerdict, and configure Optical Character Recognition (OCR) for images. Keywords: Screen capture protection, Clipboard controls (Paste), Cache encryption, OCR supported types (BMP, GIF, JPEG, PNG, TIF), scan delay. | Remote |
05-evidence-locker | Setup and configuration guide for the Evidence Locker (forensic file storage). Helps secure sensitive data for legal and security investigations. Covers how to: configure the GCS bucket, manage access permissions, and handle unscannable files. Note: DLP more reliably detects password protection on ZIP archives than on PDF or Office documents. Keywords: Evidence Locker, GCS bucket permissions, service account keys, DelayDeliveryUntilVerdict, password reliability (ZIP vs PDF). | Remote |
06-dlp-rule-troubleshooting | DLP troubleshooting and diagnostics guide. Helps resolve rule deployment issues and ensures effective protection against data leaks. Covers how to: verify rule receipt via chrome://policy, confirm CEP license assignment, refine strict rules using "Audit only" mode, investigate client-side logs at chrome://safe-browsing, and analyze server-side log events in the Admin Console. Keywords: chrome://policy, chrome://safe-browsing, audit only mode, license assignment, investigation tool. | Remote |
07-caa-dlp-integration | Context-Aware Access (CAA) and Security Gateway integration guide. Helps protect corporate apps by ensuring only compliant devices gain access. Covers how to: troubleshoot "401 Unauthorized" errors via IAP logs and Access Level definitions, secure native applications using Certificate-Based Access (CBA), and verify Device Trust Connector (Okta) status in chrome://connectors-internals. Keywords: 401 Unauthorized, IAP policy, Security Gateway, BeyondCorp, native app security. | Remote |
08-certificate-based-access | Certificate-Based Access (CBA) and Identity Provider guide. Helps enforce high-assurance access for managed and unmanaged devices. Covers how to: upload Root CA certificates to the Admin Console and configure the "AutoSelectCertificateForUrls" policy for seamless user authentication. Keywords: CBA, Root CA upload, AutoSelectCertificateForUrls, client certificates. | Remote |
09-chrome-log-events | Chrome Reporting Connector and SIEM integration guide. Helps search security event logs in the Admin Console and stream events to SIEMs like Splunk. Covers event descriptions for Threat and Data Protection events, and how to verify local event generation and policy receipt on client machines. Keywords: Chrome log events, Audit & investigation, Threat events, Data Protection events, chrome://policy, chrome://safe-browsing, Splunk integration. | Remote |
10-chrome-policy-management | Chrome policy management and URL filtering guide. Helps control web access and manage policy conflicts. Covers how to: use wildcard syntax—example.com (includes subdomains) vs .example.com (exact host only); give cloud policies precedence via "CloudPolicyOverridesPlatformPolicy"; and bypass Safe Browsing warnings for internal sites using "SafeBrowsingAllowlistDomains". | Remote |
12-security-posture-guide | Internal evaluation criteria the agent uses to assess a Chrome Enterprise Premium environment and recommend next steps. Walks through whether the prerequisites (licenses, connectors, SEB extension) are present, whether DLP rules exist, whether they are tuned, and whether they are enforcing. Covers the telemetry dependency (logs require active rules). For agent-internal use only — do not surface labels or framework names to users. | Local |
15-rule-quality-guidelines | Internal evaluation criteria the agent uses to identify logic flaws and noise in Chrome Enterprise Premium DLP rule JSON. Covers context blindness (missing destination vectors), false negatives from broad file-type exclusions, root-OU over-scoping, low match thresholds that cause false positives, missing compound logic, mixed triggers, disproportionate actions, audit-first deployment, and orphaned rules. For agent-internal use only — do not surface heuristic names or category labels to users. | Local |
16-configurable-timeouts | Guide for configuring timeout deadlines (evaluation time limit) for Data Loss Prevention (DLP) and malware scans, including the paste action. Covers UI navigation paths, Admin privileges required, and background scan behavior. Keywords: Configurable timeouts, evaluation time limit, deep scanning protection settings, Chrome Enterprise Security Services, Chrome Enterprise Premium, scan deadline, paste deadline. | Remote |
21-dlp-limits | DLP content and scanning limits guide. Helps explain why certain files are unscanned or blocked. Covers constraints for file size, text extraction, and spreadsheets. Keywords: 50MB file limit, 10MB text limit, 50,000 cell limit, unscannable files. | Remote |
22-dlp-data-masking | Helps protect sensitive UI data in the browser using data masking. Covers configuration of masking rules and requirements for the Secure Enterprise Browser (SEB) extension. Keywords: Data masking, SEB extension, PII protection, Light/Hard obfuscation. | Remote |
23-insider-risk-monitoring | Insider risk and data loss monitoring guide. Covers how to turn on insider risk monitoring via the 1-click "Monitor data leaks and insider risk" flow, and how to configure the "Data protection insight scanning and report" setting. Explains how this automatically configures Chrome connectors, event logging, and DLP scanning. Keywords: Insider risk, 1-click enablement, Data protection insight scanning, Chrome security event logging, turn off monitoring. | Remote |
24-security-reports | Overview of Chrome security reports in the Admin Console. Helps administrators monitor threat and data protection events. Covers Malware, Unsafe Sites, PII transfers, and high-volume upload/download reports. Keywords: Data protection reports, Threat protection dashboard, security telemetry. | Remote |
27-url-blocklist-format | Detailed technical format for URL blocklist and allowlist filters. Helps with precise web access control. Covers wildcard syntax rules: example.com (matches domain and all subdomains) vs .example.com (matches exact host only). Keywords: wildcard (*), subdomain (.), URL filter syntax, blocklist vs allowlist. | Remote |
28-safe-browsing-allowlists | Helps administrators exempt trusted internal sites from Safe Browsing warnings. Covers how to bypass malware, phishing, and password reuse checks. Keywords: SafeBrowsingAllowlistDomains, trusted domains, bypass warnings. | Remote |
29-admin-privilege-definitions | Reference for administrator privileges required to manage Google Workspace and CEP features in the Admin Console. Helps resolve "Access Denied" errors. Covers privileges for User management, Reports, Security Center, Data Loss Prevention (DLP) rule management, Chrome Management, and Data Security (Context-Aware Access). Keywords: Admin console privileges, Manage DLP rules, Security Center, Service Settings, custom roles. | Remote |
30-ev-device-attributes | Comprehensive list of device posture attributes collected by Endpoint Verification. Helps with creating granular Context-Aware Access (CAA) levels. Covers OS version, serial numbers, disk encryption, and screen lock status. Keywords: Device attributes, postural data, hardware identifiers, encryption status. | Remote |
31-security-insights-data | Guide to querying Chrome Enterprise Security Insights data. Covers methods for retrieving summaries and breakdowns of content transfers and URL visits. Helps with understanding security posture and data movement. | Local |
98-agent-knowledge-addendum | Mandatory Technical "Golden Facts" and operational memory for Chrome Enterprise Premium. Covers Extension IDs for EV and SEB, Windows Certificate Store requirements for CBA, URL filtering syntax rules, and troubleshooting "Something went wrong" errors for Security Insights using specific privileges. Keywords: callobklhcbilhphinckomhgkigmfocg, ekajlcmdfcigmdbphhifahdfjbkciflj, Windows Store requirements, Security Insights Error, Chrome DLP insight setting management, SafeBrowsingAllowlistDomains. | Local |
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| filename | Yes | A single filename/articleId, or an array of them (up to 20). Numeric articleIds are coerced to strings. | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| missing | Yes | | |
| documents | Yes | | |