YES! When i go to Threat Events Log in ePO i see detailed info there about the processes that triggered the intrusion violation but i do not see any explanation about the intrusion to say that for example: Chrome.exe process is trying to contact a bot C&C Server with suspious IP x.x.x.x and was blocked by Mcafee GTI.

Thanks for the reply, Hope you understand what i mean.

I already did some checks on the IP (199.59.242.150) and it belonged to an ISP name Bodis LLC. The IP is linked to malware, ransomware and abuse, I am not sure if legitimate websites are hosted under that same IP and my computers are trying to reach the good sites on that IP block. I get like 3 alerts a day from only my Chrome users trying to access that IP and it gets block by Mcafee firewall and also my Perimeter firewall with IPS/IDS.

I run weekly scans on the computers and they are running the latest ENS 10.3. I am almost certain these computers are not infected but if you can reccomend a tool or something that i can use to double check i would apprecaite that alot.

Thanks.

  I just found out that this is happening when people have left for the day but have left Chrome opeN

Nice observation.

I get alerts when my users are at work. I'm not sure if they leave their desktop unattened for extened periods (hours) with Chrome open maybe that can trigger the alert as well,  not sure if the same case or your case is different but i will keep an eye on those user to see if the alerts match with there time away

Thanks

Well this just happened to one user:

FIREFOX.EXE tried to access 199.59.242.150, violating the rule GTI Rule - TCP - Out and was Blocked.

This is suggesting some process called for a browser but it doesn't have to be Chrome.