DLP Agent shown in Critical or Warning status with alert 'Chrome|Edge extension not deployed'
search cancel

DLP Agent shown in Critical or Warning status with alert 'Chrome|Edge extension not deployed'

book

Article ID: 212090

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Prevent

Issue/Introduction

You observe agents shown in the Enforce Console in Critical or Warning status and the agent events contain a recent 'Chrome|Edge extension not deployed' event, such as shown below:

Environment

DLP 15.8 and higher.

Cause

There are multiple reasons this could occur:

  1. The extension failed to deploy due to LGPO corruption.
  2. The Agent Advanced Setting 'ExtensionEnablement.INSTALL_BROWSER_EXTENSION.int' is set to 0, AND
    1. The browser extension is not deployed manually, OR
    2. You may see these alerts as false positives if you are running DLP 15.8 due to a race condition. This can happen if an end-user opens and closes Chrome or Edge in a shorter time than the PluginInstaller.TAMPERPROOFING_IGNORE_PROCESS_TIMEOUT.int value multiplied by 5.
  3. If EDPA.exe crashes while brkrprcs64.exe is still running and gets restarted by the watchdog process WDP.exe as shown in the screenshot below:
  4. Startup Boost and/or Background Extensions are enabled in Microsoft Edge.
  5. Background apps are enabled in Google Chrome.

Resolution

Solution 1

If you are experiencing LGPO corruption, work directly with Microsoft to resolve it. See: Detecting Local Group Policy corruption

Solution 2.1

If you are deploying the browser extensions manually, ensure that you are deploying it in the correct way, and that it is the correct version for your agent. See: DLP Agent Chrome and Edge browser extension management

Solution 2.2

If you are seeing these alerts as false positives (detection and URL reporting is working) and are running an affected version of 15.8, this has been resolved as of 15.8 MP1 HF6.

Solution 3

There are multiple ways to work around this, including:

  1. Restarting the affected browser on the endpoint, and wait for PluginInstaller.TAMPERPROOFING_IGNORE_PROCESS_TIMEOUT.int value multiplied by 5.
  2. Resetting the log level on the agent from the Agent Overview, troubleshooting menu.
Solution 4

Turn off both "Startup Boost" and "Continue running background extensions and apps when Microsoft Edge is closed" in Microsoft Edge.

  1. How to check if Startup Boost or Background Extension is enabled/disabled:
    edge://settings/system

  2. How to turn off both settings using group policy:

    Startup boost: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#startupboostenabled
    Background extension: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#backgroundmodeenabled

Solution 5

To turn off the background apps for Chrome, make the following change in Chrome:
Chrome > Settings > System > turn off "Continue running background apps when Google Chrome is closed"

Solution 6

Edge

Check edge://extensions/ and verify if the Symantec Extension exists.

If not, check the version of the Edge browser.

If the version is still 106.0.1370.34, update the browser to 106.0.1370.37 or later and the browser should be able to download the Symantec Extension successfully.

 

Chrome

Check chrome://extensions and verify if the Symantec extension exists as per the following example:

If not, check the Chrome browser version via Help > About Google Chrome or chrome://settings/help

Check the Chrome is updated to the latest supported version as per our internal DLP - Supported Versions Master List

Chrome 109 

Additional Information

See also: Detecting Local Group Policy corruption

See also: DLP Agent Chrome and Edge browser extension management

Attachments

Powered by Wolken Software