*Note*

• Keep in mind that pre-existing extensions will not be blocked properly with this policy
• Test, test and test again. ADC is a very powerful tool, but if configured incorrectly it can cause other issues with your OS
• This is meant only to prevent future extension installation.
• Chrome users will be able to disable or delete an extension from within the browser, but the files will be left untouched on the system as ADC won't allow access.
• The extension ID may change when it is updated on the Google Web Store, so you may have to revise or add to the block rule.
• A similar configuration can be used with other browsers, but will require tweaking to the file/folder path and how extensions are identified.

Find the Chrome Extension UID:

1) Open up Chrome and type in chrome://extensions in the URL bar, or go to Settings > Extensions.

2) Enable "Developer Mode" by checking the checkbox in the top right.

3) Open up the Chrome Web Store via the "Chrome Web Store" hyperlink on the left.

4) Search for the extension(s) you wish to block.

5) Click on the "Add to Chrome" button to install the extension.

6) Confirm you wish to install by clicking the "Add extension" button in the new prompt.

7) Return to the chrome://extensions page and locate the extension in question.

8) Note that with "Developer Mode" enabled you will now see an ID: parameter. The string value listed is what is needed.

Create your new Application Behavior block policy:

1) Within the ICDm console click on Policies and locate the Default Custom Application Behavior Policy.

2) Within the policy, click "Add Rule Set" located under Custom Rule Sets.

3) Give your rule a meaningful name (example: Block Chrome Extensions), change "Monitor" to "On" and click "Add".

4) Locate the newly created rule and click the dropdown arrow on the left. This will display a Rules section. Click "Add Rule" on the right in this section.

5) Again, give your rule a meaningful name (example: Chrome Extension Block). In the List of included applications section click "Add Included Application"

In the Add Included Application window assign a * wildcard or the process name chrome.exe in the Application Name to Match area. Once done, click "Save Included Application".

6) Once back at the Add Rule window, select Behaviors and Actions. Then select File and Folder Access Attempts. In the section click "Add Condition".

7) Again provide a meaningful name. In the "Apply to the following files and folders" section click "Add File or Folder Definition".

8) For the "File or Folder Name to Match" field use the following path with the Chrome extension ID appended:

• %systemdrive%\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\Enter_the_ChromeExtension_ID
• Alternatively, you could use an asterisk (*) wildcard in place of the extension ID to block all Chrome extensions.

9) Leave the option to "Use wildcard matching" enabled. Click "Save File or Folder Definition".

10) Once back at the File and Folder Access Attempts window, click the "Actions" tab and set the Read Attempt and Create, Delete or Write Attempt options to "Block access"

11) Additionally you can set your notification and logging options as needed. Once done, click "Save Condition".

12) Once back at the Edit Rule window, click "Save Rule"  and then click "Save" at the top of the policy to save the policy configurations. Assign to a test group to ensure that attempts to install the configured extension are blocked.