A component of the Chrome or Edge extension for the HTTPS monitor may have been tampered with or is being blocked. Similar messages include:

• Chrome Monitoring Status Chrome extension not deployed.
• Edge Monitoring Status Edge extension not deployed.

There are several possible resolutions, depending on the cause.

If the server and the clients are on at least 16.0 RU1 and the problematic agents are Windows clients, then we advise using the Chrome Content Analysis Connector Agent SDK on the endpoints as means to resolve this issue. If the DLP infrastructure is not on at least 16.0 RU1 or this issue is occurring with Mac agents then continue reading below.

If client machines do not have access to the internet to download the extension from the play store contact support for the offline crx install for the extension.

Also note. Browsers using incognito (chrome) / in private (edge) mode will not load extensions by default. This can cause seemingly random incidents to report unknown URLs. See this KB for instructions on using Chrome / Microsoft administrative templates to force extensions to load. If the unknown URLs are consistent or incognito mode is not a factor then continue troubleshooting below.

Verifying the policies in the browser

The browser will not only tell you if the policy is present but it will also inform you if it has been overwritten or if there is a formatting error in the data. In addition, this will display policies that may not show up in standard locations in the registry and easily missed by a manual search.

Open your browser and type in Chrome://policy or Edge://policy (whichever is applicable)

When checking the policies you want to make sure that the status OK. If Error, Warning or Conflict show up then resolve those issues. Note that you will not be able to change the values within the browser. Changes should be made via GPO polices through the security admin or can be tested by modifying the registry manually (details further down).

Validate the following Policies:

ExtensionInstallForceList

This policy should always be present if DLP Agent is installed. 

Policy Value you should contain one of the following: (Note: this value can contain a long string of multiple extensions)

Chrome
DLP Agent 15.8, 16.0 - dehobbhellcfbmcaeppgfjhnldeimdph;https://clients2.google.com/service/update2/crx
DLP Agent 15.7 and earlier - eelojgpfkmhiikmhkineneemcahoehjo;https://clients2.google.com/service/update2/crx

Edge
All DLP Agents - lgliocaeggimgcpgbbejhdnbmajgaiii

For Chrome look in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome

For Edge look in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge

ExtensionInstallBlocklist

If present and an * is used in the value then an ExtensionInstallAllowlist policy will need to be implemented. Also ensure that the extensions listed above are not in the value.

ExtensionInstallBlacklist

This policy is deprecated.  See ExtensionInstallBlocklist if values exist.

ExtensionInstallAllowlist

This policy needs to be present only if the ExtensionInstallBlocklist or ExtensionInstallBlacklist are being used AND they include an * value. If this policy is needed, make sure it includes the proper extension values listed for the ExtensionInstallForcelist policy above.

ExtensionInstallWhitelist

This policy is deprecated. If the ExtensionInstallBlocklist or ExtensionInstallBlacklist are being used AND they include an * value then create and use the ExtensionInstallAllowlist policy as described above.

NativeMessagingBlackList

Chrome only. If this policy contains the value * then a NativeMessagingWhitelist policy is required with the proper value. If it contains com.symantec.dlp then remove that value.

NativeMessagingBlockList

Edge only. If this policy contains the value * then a NativeMessagingAllowlist policy is required with the proper value. If it contains com.symantec.dlp then remove that value.

NativeMessagingAllowList

Edge Only. Required if the NativeMessagingBlocklist is being used. Add com.symantec.dlp to the value.

NativeMessagingWhitelist

Chrome only. Required if the NativeMessagingBlacklist is being used. Add com.symantec.dlp to the value.

Manually Checking or Modify the Registries

Chrome

DLP Agent 15.8, 16.0

DLP Agent 15.7 and earlier

Validate the path above is correct

Chrome Security Setting Registries (All versions of DLP Agent)

Additional Troubleshooting

• Verify the DLP antivirus settings, any of the DLP agent files are being blocked by antivirus this issue can occur. See this KB.
  
  
• Verify that the Symantec Extension is enabled in the browser. If the extension is not enabled then enable it. If it is missing then attempt to manually install it from this play store link or reinstall the DLP agent.
  
  
• Check to see if the brkrprcs.exe or brkrprcs64.exe is running while the DLP agent is loaded and browser is open. If those processes do not show up the extension is either broken, blocked, or not installed.
  
  

For further troubleshooting increase the agent logging level to FINEST using this KB and enable developer mode on Chrome then duplicate the issue. After duplicating the issue open the extensions and check to see if there are any errors. If so include them with any evidence for the support case.

Related Error Messages

07/15/2021 12:21:57 | 13240 | FINEST  | ApplicationConnector.ExtentionInstaller | ManageLGPO: for Browser (Edge Chromium), Error saving  machine registry key for GPO, -2147024864
07/15/2021 12:21:57 | 13176 | WARNING | ApplicationConnector.ExtentionInstaller | ERROR: Failed to add Chrome LGPO for : (Edge Chromium) Error code = 2147942432
07/15/2021 12:21:57 | 13176 | SEVERE  | MSEdge.EdgeConnector | Failed to install browser extension for browser Microsoft Edge, browser monitoring will not work | [SYMRESULT 0x80070020]

See also: DLP Agent Chrome and Edge browser extension management & DLP Endpoint Agent build numbers and the latest hotfix information 

NOTE: The msedge policies are case sensitive. 

Please note, as of DLP 16.0 it will be expected behavior to see duplicate registry entries