DLP Endpoint detection not working while in Incognito Mode Google Chrome / Microsoft Edge Chromium
search cancel

DLP Endpoint detection not working while in Incognito Mode Google Chrome / Microsoft Edge Chromium

book

Article ID: 173203

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Data Loss Prevention Endpoint Suite Data Loss Prevention Enterprise Suite

Issue/Introduction

In Chromium based browsers such Google Chrome and Microsoft Edge, DLP extensions are disable by default in Incognito Mode/InPrivate Browsing. Symantec Data Loss Prevention requires its plugin to be enabled for detection to work properly. User can manually turn On/Off the plugins in these modes.

Environment

All Chromium based browsers.

Windows and MacOS

DLP Endpoint 15.x

Resolution

Broadcom recommends that you disable Incognito/InPrivate Browsing mode and Guest profile/mode in Chromium browsers by an appropriate Group policy configuration, or an MDM profile on macOS. While the plug-in can be manually enabled via the option "Allow in Incognito" in the extension details, this might not be the feasible option in an enterprise environment. 
 
The following values need to be set in their respected browsers please review browser documentation regarding how to apply those polices. These administrative templates are provided by the browser vendor and not by Broadcom.
 

Google Chrome:

IncognitoModeAvailability=1

0 = Incognito mode available
1 = Incognito mode disabled
2 = Incognito mode forced

https://chromeenterprise.google/policies/?policy=IncognitoModeAvailability

BrowserGuestModeEnabled=0 (false)

https://chromeenterprise.google/policies/?policy=BrowserGuestModeEnabled

Microsoft Edge:

InPrivateModeAvailability=1

Enabled (0) = InPrivate mode available
Disabled (1) = InPrivate mode disabled
Forced (2) = InPrivate mode forced

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#inprivatemodeavailability

BrowserGuestModeEnabled=0 (false)

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#browserguestmodeenabled

Additional Information

See also: Deploy the DLP Chrome Browser extension via GPO

See also: Deploy the DLP Edge (Chromium) Browser extension via GPO