The agent installer uses a Local Group Policy Windows API call to install/uninstall our Chrome browser extension into the LGPO at HKLM/Software/Policies/Google/Chrome/ExtensionInstallForceList. With DLP 15.5 and 15.7, the Chrome policy entry is created during the agent installation. Placing the extension policies in the LGPO prevents users from permanently disabling the extension by removing the Registry entries since during Group Policy processing it will be reloaded into the registry from the registry.pol file. These extension policies are also added to the Local Group Policy - %windir%\System32\GroupPolicy\Machine\registry.pol. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist These are added into the Registry at the following keys for the respective browsers: Registry Type/Data/Value (the value could change, depending on whether there are already any other local extension policies in place): The Symantec Extension registry value/data information is as follows: Chrome The extension is not installed until after the respective browser has been launched with the extension reference in place.įor Chrome extension on Mac see Creating an MDM configuration profile to support monitoring in Google Chrome on macOS endpoints. The URL is needed when processing policies to understand the destination and to report the URL on incidents. Google Chrome and Microsoft Edge Chromium utilize a browser extension to report the current tab's URL to the DLP Agent (via the Native Messaging Host - brkrprcs64.exe to edpa.exe).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |