DLP Agent shown in Critical or Warning status with alert 'Chrome|Edge extension not deployed'

Products

Data Loss Prevention Data Loss Prevention Endpoint Prevent

Issue/Introduction

You observe agents shown in the Enforce Console in Critical or Warning status and the agent events contain a recent 'Chrome|Edge extension not deployed' event, such as shown below:

Environment

DLP 15.8 and higher.

Cause

There are multiple reasons this could occur:

The extension failed to deploy due to LGPO corruption.
The Agent Advanced Setting 'ExtensionEnablement.INSTALL_BROWSER_EXTENSION.int' is set to 0, AND
1. The browser extension is not deployed manually, OR
2. You may see these alerts as false positives if you are running DLP 15.8 due to a race condition. This can happen if an end-user opens and closes Chrome or Edge in a shorter time than the PluginInstaller.TAMPERPROOFING_IGNORE_PROCESS_TIMEOUT.int value multiplied by 5.
If EDPA.exe crashes while brkrprcs64.exe is still running and gets restarted by the watchdog process WDP.exe as shown in the screenshot below:
Startup Boost and/or Background Extensions are enabled in Microsoft Edge.
Background apps are enabled in Google Chrome.

Resolution

Solution 1

If you are experiencing LGPO corruption, work directly with Microsoft to resolve it. See: Detecting Local Group Policy corruption

Solution 2.1

If you are deploying the browser extensions manually, ensure that you are deploying it in the correct way, and that it is the correct version for your agent. Make sure to follow and review all steps provided in the ReadMe to properly install the .crx file. If the appID does not match the correct value then the agent will report the extension is not installed. See: DLP Agent Chrome and Edge browser extension management

Solution 2.2

If you are seeing these alerts as false positives (detection and URL reporting is working) and are running an affected version of 15.8, this has been resolved as of 15.8 MP3 Hot Fix (HF) 6 (i.e. 15.8.00306.01001). Please upgrade to latest available 15.8 MP3 hotfix to avail of the latest fixes.

Solution 2.3

Verify the agents are able to access the play store addresses https://chrome.google.com/webstore/detail/symantec-extension/dehobbhellcfbmcaeppgfjhnldeimdph and https://microsoftedge.microsoft.com/addons/detail/symantec-extension/lgliocaeggimgcpgbbejhdnbmajgaiii respectively. If they cannot then Solution 2.1 should be used to deploy the extensions manually.

Solution 3

There are multiple ways to work around this, including:

Restarting the affected browser on the endpoint, and wait for PluginInstaller.TAMPERPROOFING_IGNORE_PROCESS_TIMEOUT.int value multiplied by 5.
Resetting the log level on the agent from the Agent Overview, troubleshooting menu.

Solution 4

Turn off both "Startup Boost" and "Continue running background extensions and apps when Microsoft Edge is closed" in Microsoft Edge.

How to check if Startup Boost or Background Extension is enabled/disabled:
edge://settings/system
How to turn off both settings using group policy:

Startup boost: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#startupboostenabled
Background extension: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#backgroundmodeenabled

Solution 5

To turn off the background apps for Chrome, make the following change in Chrome:
Chrome > Settings > System > turn off "Continue running background apps when Google Chrome is closed"

Solution 6

Edge

Check edge://extensions/ and verify if the Symantec Extension exists.

If not, check the version of the Edge browser.

If the version is still 106.0.1370.34, update the browser to 106.0.1370.37 or later and the browser should be able to download the Symantec Extension successfully.

Chrome

Check chrome://extensions and verify if the Symantec extension exists as per the following example:

If not, check the Chrome browser version via Help > About Google Chrome or chrome://settings/help

Chrome 109