Starting with Symantec Endpoint Protection (SEP) 14.3 RU2, a Chrome Browser Extension is installed to provide further protection to the system. One method for installing the extension is through an Active Directory (AD) Group Policy Object (GPO).
To install the SEP Chrome browser extension using an Active Directory Group Policy Object:
NOTE: SEP will honor the active directory GPO first, and if our extension ID is not found SEP will fall back to installing the extension from the Liveupdate package via local GPO, provided the following Chrome GPO policy extensions settings are not configured.
If the above settings are configured, you will need to add the following extension ID's to the Chrome GPO policy setting Configure Extension installation allow list.
|Distribution Channel||Extension ID|
|Google Chrome Web Store||pamolibmfebkknkdmfabpjebifbffbec|
|LiveUpdate||gnhglcnkcmhnocgkcnlliammpmagaghd -- 14.3 RU2/RU3/RU4 version 188.8.131.52 of webextbridge.exe.
amnfbgkhpdmeeobndndgebhdklioljbc -- 14.3 RU2/RU3/RU4 version 184.108.40.206 of webextbridge.exe. released April 13th to May 11th 2022.
GPO snapshot for reference :
In this case, the SEP Chrome Browser Extension must be configured using the steps above. This could be done locally for non-domain computers or via GPO for domain members
Starting with SES 14.3 RU4, you can disable IPS "Browser Intrusion Prevention" in SES client settings or SES IPS policy, which will unload the Chrome Browser extension. When re-enabling Browser Intrusion prevention, it can take some time for the extension to reload.
NOTE: The above change is only for cloud enrolled SES clients.
To prevent installation or remove the SEP Chrome Browser extension, choose one of the following options: