Chrome/Edge DLP browser extension is still seen in Registry even though the browser HTTPS channel is disabled from monitoring
Article ID: 371725
Updated On:
Products
Issue/Introduction
You have disabled the Chrome HTTPS or Edge HTTPS channel in the Agent Configuration, which was then saved and applied to the members of the Agent Group. However even after the configuration change, you can still see the Chrome/Edge browser extension entries in the Registry under the HKEY_LOCAL_MACHINE tree as described in the below KB articles:
DLP Agent Chrome and Edge browser extension management
Unknown URL warning or incident generated by DLP Endpoint Prevent Chrome or Edge HTTPS monitor
Cause
The extensions will be still written into the Registry if the Printer/Fax channel is also enabled. That is because for Chrome/Edge Print monitoring, the same DLP browser extension is used as for HTTPS channels. This is documented here:
Enabling print monitoring for Google Chrome and Microsoft Edge on Windows endpoints
Resolution
If you don't want to have the DLP browser extension entries written into the Registry, do one of the following:
1) Either disable the Printer/Fax channel globally in the Agent Configuration. Do this only if you don't want to monitor Print requests in DLP.
2) Or, disable the Printer/Fax channel only for Chrome and Edge via the Global Application Monitoring settings for these two apps only. That way you keep the Printer/Fax monitoring globally for all apps while disabling the channel for Chrome and Edge only.
This can be done either in the Global Application Monitoring settings if you want to do this for all Agent Groups/Agent Configurations, or specifically only for selected Agent Configurations via the Application Monitoring tab in the Agent Configuration settings.
Feedback
