Endpoint Protection

Expand all | Collapse all

Symantec Browser Extension (f. e. Chrome)

  • 1.  Symantec Browser Extension (f. e. Chrome)

    Posted 06-23-2021 05:22 AM
    Edited by paupau90 06-23-2021 05:26 AM
    Hi all,

    is it possible to disable or uninstall the Symantec extension for the browser, like Chrome?
    Unfortunately I have not found a suitable setting in SEPM.

    Thanks in advance


  • 2.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 06-23-2021 08:09 AM
    hopefully this helps

    The browser extension depends on IPS; therefore, the IPS policy must be enabled and assigned to the group. The browser extension is downloaded from LiveUpdate by default if the computer joined an Active Directory domain. Otherwise, the browser extension is downloaded from the Google Web Store. You enable or disable this content by clicking
    Admin
    >
    Servers
    >
    Edit Site Properties
    >
    LiveUpdate
    tab >
    Content Types to Download
    >
    Browser Extension
    .
    By default, the Symantec Endpoint Protection installer installs the Google Chrome browser extension. However, if you want to use an Active Directory Group Policy Object to manage your Chrome extensions, you must add the browser extension to your list.

    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/release-notes/Whats-new-for-Symantec-Endpoint-Protection-14_3-RU2.html



  • 3.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-09-2021 01:29 PM
    1. In the SEPM console, click on Policies > Intrusion Prevention.
    Selected the active Intrusion Prevention policy and click Edit policy (or double-click on the policy).
    2. Selected Intrusion Prevention and check the "" Log detections but do not block" and click on OK.
    3. Assigned the policy to test system and check


  • 4.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 06-23-2021 09:25 AM
    What about for the cloud-managed version?  In that management console, all I can see in the IPS policy is to set the Browser protection to Enable, Disable, or Log.  No option to differentiate any other settings.
    Today I had a user contact me, unable to reach a site, getting the Symantec browser screen saying malicious site ahead.  On a computer directly next to her, same version of Chrome and SES agent, and that computer CAN get to the site.  The site lands at a .php page, and has no https, which is probably the cause of the flag I imagine.  It opens fine in Edge on the same computer, as I'd expect.

    So is the Chrome extension on the flaky side I wonder?  And does setting Disable on the Browser protection disable this, or no?  What I'm lost on is, I'm pretty sure Browser protection existed in IPS before this new extension was developed, so am I even addressing the proper setting if I did disable Browser protection in IPS?


  • 5.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 06-29-2021 07:05 AM
    Edited by paupau90 06-29-2021 07:05 AM
    Thanks for the answer. The Symantec browser extension is already installed. I would like to be able to disable or uninstall the Symantec extension in Chrome for individual clients (via groups). Unfortunately the GPO settings for Chrome don't really help here as the extension is already installed. Is there maybe a way to unlock the Symantec extension switch in Chrome again? The on-off switch is not usable at the moment. Then you could turn off the extension there if needed.





  • 6.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 07-11-2021 10:02 PM
    Hi , I have the same issue. Have you found the way to disable the extension?


  • 7.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-05-2021 04:10 PM
    Im having an issue with this extension. Is there a way to disable this somehow?  Im using the cloud managed version and my machines are on a domain.  This extension is preventing me from pushing out apps via google workspace.


  • 8.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-07-2021 02:53 AM
    Just follow the below link, it works with me:

    https://knowledge.broadcom.com/external/article/214750/installing-the-endpoint-protection-chrom.html




  • 9.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-09-2021 02:23 PM
    I don't think the GPO options work if the extensions are already installed (?).

    Also, the above suggestion about SEPM - the cloud-managed version doesn't give these same options.  :(


  • 10.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-10-2021 04:42 AM
    Hi Team,

    We cant disable the Symantec extension bcz its grade out in Chrome.

    Best Regards,
    Siva
    M.Tech Broadcom Aggregation Technical Support.


  • 11.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-12-2021 10:23 AM

    Good Morning Everyone,

    What are the reasons you all want to remove the Chrome Extension?  You will lose Broswer IPS protection for users using Chrome which will put you in a less secure state. In previous version Chrome did not support Browser Protection.  14.3 RU2 added it with the Chrome Extension.  If you could provide some reasons it would be helpful.

    Thanks,
    John Owens



    ------------------------------
    John Owens
    ------------------------------



  • 12.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-12-2021 11:48 AM
    Additionally, there is no way to disable this Chrome Extension or have it not be installed from within the product.  I would suggest a Feature Request for this to possibly be added.

    ------------------------------
    John Owens
    ------------------------------



  • 13.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-16-2021 03:02 AM
    In my case it's clashing with our Proxy server so some of the website are not loading properly.

    I think its kind of stupid that even an administrator can not disable this feature, we should be able to disable it from the SEPM especially for testing.


  • 14.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-13-2021 03:21 AM
    Hi John

    I'm part of a big organisation and we have a team managing Chrome, another managing our Secure Web Gateway plus my team managing SEP and in total 40k users depending on all 3 components working. If my team introduces the extension into Chrome, we need to do extensive coordination, testing and process changes together with our incident teams (as malicious webpages are supposed to be blocked in the proxy).

    In short, we dont want to do that as the benefit would be very limited and therefore the planned 14.3 RU2 client upgrade is put on hold. Please ensure any new feature in SEP can be disabled fully or even better de-selected when exporting the client installation package.


  • 15.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-31-2021 10:56 PM
      |   view attached
    Hello John,

    As a few others have posted, having the SEP Chrome extension installed prevents chrome extensions from being installed using Google Admin. I work at small school district and we are no longer able to force install chrome extensions on staff and student devices that use SEP.

    Is this a bug, or is this the intended behavior of the SEP chrome extension? Is there any workaround at this time? Another member of our team has submitted a support request and is waiting on a reply.

    Thanks for your help,
    Chris


  • 16.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-13-2021 02:43 PM
    This would be great. We currently use Google Workspaces, and installing SEP/SES force installs the SEP Chrome extension which conflicts with extensions managed via Google Admin https://support.google.com/chrome/a/answer/6177431?hl=en

    Once SEP/SES is installed, the machine is getting policies from different sources. The Google Admin console is applying it from the Cloud but it is also being applied from the Machine. The policy that I'm talking about is named "ExtensionInstallForcelist" and it shows multiple sources - which can be found at chrome://policy/ and it shows SEP/SES is taking priority (Symantec Endpoint Protection https://chrome.google.com/webstore/detail/symantec-endpoint-protect/pamolibmfebkknkdmfabpjebifbffbec)

    Talking with Google Support said: "I was checking other cases where the same issue was identified, the best way to solve this issue is to work with Symantec to configure their software to not push the extension."

    The Google Admin console will not work as long as there is a policy source that gets higher priority over it, Chrome is designed to take machine level polices over cloud-level policies as mentioned in this article from Google Help Center https://support.google.com/chrome/a/answer/9037717

    Another possible alternative would be some kind of whitelist config for the SEP extension to allow Google Admin extension privileges. Either way, the Symantec Chrome Extension is breaking our current browser configurations - we need more deployment control here.


  • 17.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-24-2021 11:14 AM
    Dear John,
    we are actually having huge issues with this extension and i'm curious if there is any quick fix for this, we simply would like to deactivate the feature. Would you be able to address this to the product group?

    It would be great to see that there is even a idea of fixing this soon.

    Thanks for your update.
    Regards,
    Aleks


  • 18.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-13-2021 01:30 PM
    Yes I agree with the idea that a new feature that has significant end-user impact should have an option to be disabled.
    From the get-go, this feature should have the ability to whitelist certain domains or URLs, in addition to the ability to disable the feature fully.  To me that should just be obvious for the dev team to realize.  Or is whitelisting URL's currently an option?  I ask because I have had a few end users complain that the website(s) they visit routinely for their work get flagged by the browser extension as bad so they can't get their work done, but there is never any explanation by the Symantec product as to why.  Of course the website owner is not incentivized to look into the issue, because the site works fine on Edge, and, the Symantec products gives absolutely no indication of why it flagged a URL as bad.  Neither on the interface to the end-user, nor in the daily IPS email reports the admin receives.

    So in effect, we have a feature that decides to block access to necessary websites in some cases, gives no explanation as to why thus the end user, the security admins, and the website owner have no idea what needs to be done to correct the issue, AND, you can't disable the feature.

    I don't mean to be all criticism here but it really seems like the dev team needs to focus a bit more on the customer experience before releasing a feature that directly impacts end users.

    I'm happy to be wrong on anything from the above.  Maybe there's a URL whitelisting option that'll inform the Chrome extension to allow certain sites?



  • 19.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-13-2021 01:29 PM

    Hello,

    Noted. We will enter a Feature Request for this.  As of now, there is no way within the product to do this.  



    ------------------------------
    John Owens
    [JobTitle]
    [CompanyName]
    [Country]
    ------------------------------



  • 20.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-13-2021 01:44 PM
    Edited by John_Owens 08-13-2021 01:45 PM

    Good Morning,

    Yes. You can whitelist URLs.  https://knowledge.broadcom.com/external/article/206213/url-reputation-false-positive-process.html

    You can also try using Trusted Web Domain exceptions depending on what IPS detection you are getting. 

    Some other options that may work for you:

    For domain members, you may completely remove the SEP Chrome extension or prevent its installation by disabling the force-install list in Chrome extension policy at the domain level.  The block list is ineffective because the force-install list will override it and any local changes to force-install list will be reverted by SEP. 
     
    For a non-domain computer the extension mgmt choices are 1.) disable IPS "Browser Intrusion Prevention" in SEP client settings or SEPM policy (the extension will still be visible in Chrome settings but put in pass-thru) or 2.) Uninstall the SEP IPS component.
     
    All I can think of otherwise is to edit and lockdown (deny write access to) the related registry key:
    HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    This could be done locally for non-domain members or via GPO for domain
    Thanks,
    John Owens



    ----



  • 21.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 09-09-2021 04:22 PM
    I would also like the ability to disable the chrome extension. Can we get an idea of the time line to get this feature request implemented? thank you


  • 22.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 09-10-2021 06:41 AM
    Oops sorry John, not sure why but I somehow missed the advice here.  I'll check into this for sure and thank you.

    I do get the notices of the latest posts on this thread and there's a common theme I'm seeing, which is that it's is painfully obvious that Broadcom erred in implementing this Chrome browser extension feature and at this point someone just has to accept responsibility and do something about it.  The volume of posts on this topic is higher than normal for any problem with SEP that I've seen in years, and this no doubt represents a tiny fraction of actual affected parties.
    Worse, the dev team is taking the classic stance of only being able to speak the language of case numbers.  The problem here is that someone in leadership, at a level that supersedes dev team managers, needs to step in, recognize that forcing customers to engage with frontline tech support on issues that are, again, painfully obviously a design and implementation mishap, is perhaps the worst possible customer experience decision available here.
    Someone really needs to modernize the feedback loop at Broadcom - you deserve HUGE credit for coming on here daily and dealing with all this, but what I think needs to happen is the group or organization as a whole needs to re-design the feedback process for situations like this.

    This goes way beyond standard bug reports and feature requests, though I completely understand that this is all that can be recommended under the current environment.

    EXtreme Ownership (Echelon Front) - whomever is in charge of this stuff should really check into that leadership principle.

    As always though, thank you for the work you put in.  If not for you and Adam, the ship would have sank already.



  • 23.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-24-2021 12:06 PM

    Hello Aleks,

    This will not be a quick resolution if it is decided to add the option to remove the Chrome Extension via SEPM policy/configuration.

    What issues are you having?  Have you opened a case?

    1. You can disable Browser Protection to place the extension in pass-through mode.
    2. You can remove IPS to remove the Chrome Extension

    Thanks,
    John Owens



    ------------------------------
    John Owens
    [JobTitle]
    [CompanyName]
    [Country]
    ------------------------------



  • 24.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-26-2021 08:32 AM
    Edited by Edo 08-26-2021 08:32 AM
    We have a problem with  symantec google chrome extension, which is automatically deployed with 14.3. RU2 version. We cannot disable over AD group policy, because there is only way that you disable - force all extensions. There is no solution for disabling it, actually only to create new installation package without IPS component. This is not good. There should be an option for disable this feature over SEPM. And this cannot be creating new package without IPS component, because of google extension.

    Our first problem with extension is that google chat is not working, even if you remove IPS policy, there is still a problem that it does not open chat as it should. If you remove registry entry - (force install) for symantec extension and if you do a restart of google chrome it is working.

    After you do reboot of machine, symantec extension is back and google chat is not working. This is not OK, this is the first problem that we notice on our test computers, for sure I will stop deployment for version 14.3. ru2 (3000+) in production on user computers.

    You will need to solve this issue with google extension ASAP.
    Thank you,
    Edo


  • 25.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-26-2021 01:59 PM
    A Feature Request has been added for this. There is no timetable or guarantee this will be added.  Do you have a case opened for your issue with Gchat?

    ------------------------------
    John Owens
    [JobTitle]
    [CompanyName]
    [Country]
    ------------------------------



  • 26.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-26-2021 02:05 PM
    If you have a case number I can look into it for you and make sure it is progressing.

    ------------------------------
    John Owens
    [JobTitle]
    [CompanyName]
    [Country]
    ------------------------------



  • 27.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-27-2021 02:27 AM
    Hi John,

    Case number is #32827687.

    Edo


  • 28.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 25 days ago
    ​Hi John,

    is this solved in 14.3. RU3? Is in this version possible to deactivate google chrome extension?
    There is still no solution from support.


  • 29.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-26-2021 02:09 PM
    If anyone has a case opened for this you can request your account be added to the Feature Request via the case.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 30.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-27-2021 02:36 AM
    Hi John,

    Case#32772628

    Thanks


  • 31.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-30-2021 11:11 AM
    We are still having issues with chrome and only chrome being slow loading pages, its hard to troubleshoot since its random but one person I was able to find so far once we deleted the reg key under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist for SEP the slowness went away and pages started loading, the problem being after so long GPO updates and re adds that ext. I have put a call out for anyone else who can recreate the issue to test further before I enter a ticket


  • 32.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-30-2021 11:27 AM

    Does disabling URL Protection resolve?

    Does disabling Browser IPS resolve?



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 33.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-30-2021 11:41 AM
    I don't have the rights to do that so waiting for someone else to do that but figured the reg key test was a good one before we went with that, so far 3 others had no issues once we removed the ext things improved.

    Was just informed IPS browser was disabled onprem and cloud, issue now is we told all of user to use edge but I can monitor tickets and see if we can find some more to test


  • 34.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-30-2021 02:07 PM
    I going to say I am 75% sure this is an ext issue, we disabled IPS browser system wide, users still reported to the issue on two devices able to recreate it and found this:

    The open chrome and try to go to a site, it sits there saying try to load, if you open dev tools and look at network console there is zero traffic

    Go under the registry and delete the force installed ext under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist

    Within seconds the pages loaded fine and they don't have issue, once the ext comes back to the device they start to have slowness again



  • 35.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 08-30-2021 02:26 PM
    Is it all sites or just internal?  I would get a case opened.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 36.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 08-30-2021 02:31 PM
    Edited by Cody Dirrigle 08-30-2021 03:25 PM

    its a mix between external and internal, getting a ticket created now






  • 37.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 28 days ago
    We are having the same issue as Cody, I have been dealing with tech support for 2 weeks now, and have gotten nowhere.  All I need to do is disable the extension permanently and everything will be fine.  Someone wrote the code to install it, so give us the code to remove it please.


  • 38.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 09-09-2021 04:29 PM
    Nothing has been commited to changing this. There is not an ETA. I would open a case or discuss with account team to be added to this feature request.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 39.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 09-10-2021 01:47 AM
    Dear John,

    please don't get me wrong, but I would like to give you an ETA;

    I will not talk about in witch direction SEP was developing in the last couple of years, however I have to make sure my environment is properly protected. The current version of SEP is vulnerable, the new one can be installed due to major issues you create with this web browser extension.

    We have to receive a ETA from Broadcom by at least next week, otherwise SEP as a solution will be decommissioned from our enterprise.

    Sometimes the decisions are very simple.

    Regards,
    Aleks


  • 40.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 28 days ago
    I had them close the ticket on the Symantec side since we saw some improvement with the release of 93, but got hit with another group of tickets this week. We have pretty much given up and shifted all of our users to edge. So please don't release an addin for that. 


    ---
    Sent from Workspace ONE Boxer





  • 41.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 25 days ago

    Hi Doug,

    What is your case number?



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 42.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 25 days ago

    Hi Edo,

    No. We have not been able to gather relevant data from customers to look into this issue and we have not been able to reproduce it.  This is not resolved in 14.3 RU3.

    Thanks,
    John Owens



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 43.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 23 days ago
    All I know is, when I upgraded to 14.3RU3 from 14.3RU2, all my clients are showing,


  • 44.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 25 days ago
    We are seeing the same.  If I turn off the IPS setting in Chrome it still shows the extension installed and enabled.  How do I see if it is bypass?

    If I delete the extension in the registry it is removed.

    But the policy change doesn't have the same result of removong th ext in Chrome.


    Is there a way to verify if I am turning off the right policy in the cloud enterprise product?

    ALSO it seesm that turning off Hardware acceleration in chome also may fix the issue.   It has on 5 PCs, so far.  So it appears the extension has trouble when the CPU and GPU are being used with acceleration enabled.

    Mark J.


  • 45.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 23 days ago

    On other factor that may be also contribute to the issue.

    The PCs having the issue have the embedded Intel HD Graphics 630 running on a Dell SFF 3050s and 3060s.

     

    Googling seems that other people complain about Chrome with that video.

     

    Again it seems it is the way the extension is interfacing with the CPU and GPU when acceleration is on.

     

     

     






  • 46.  RE: Symantec Browser Extension (f. e. Chrome)

    Broadcom Employee
    Posted 25 days ago

    Hi Mark,

    Turning off the Browser IPS setting sets the Chrome Extension into bypass mode. It does not remove the extension.

    Chrome was not supported by Browser IPS in the past. The extensions is the only way to allow Symantec to offer Browser IPS for Chrome.

    To test if it is in bypass mode you can use this site: http://fakebook.com. If no detection then it is in Bypass mode.

    Thanks,



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 47.  RE: Symantec Browser Extension (f. e. Chrome)

    Posted 25 days ago
    We turned off hardware and clear cache on close, it didn't fix the issue. Upgrading to 93 worked for about a week and now users who said it was gone are seeing it again 


    ---
    Sent from Workspace ONE Boxer





  • 48.  RE: Symantec Browser Extension (f. e. Chrome)