Installing Web Threat Shield Chrome Browser Extensions



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

Webroot follows Google and the Chromium Projects best practice concerning Browser Extension deployment. Webroot therefore cannot deploy Browser Extensions without notifying end users. Partners wishing to install Chrome browser extensions silently in managed environments may do so using the following methods for enforced installation.

Enforced installation of the Chrome extension for Enhanced Web Threat Shield (EWTS) for Webroot SecureAnywhere in managed environments can be achieved easily. Enforced installation will not prompt the user to activate or accept the extension, and also prevents the user from disabling it.

In a non-enforced environment, the user will be prompted to enable the extension for Chrome as depicted the following image.




A non-enforced extension can, by design, be enabled, disabled or removed by the user via chrome://extensions/ as shown in the following image.




Chrome extensions, which are deployed silently in managed environments, are marked as shown in the following image. The user in this scenario cannot disable or remove the extension himself, this is controlled by the administrator. Note that there will not be any user prompts for enabling the extension.




Using Active Directory Group Policies

Google provides administrative templates for Windows Server 2003 (ADM template) and Windows Server 2008+ (ADMX template) which, once imported, will provide Chrome specific policies for Group Policies.

Required administrative templates can be downloaded from Google via below link:

Zip file of Google Chrome templates and documentation.

To create a forced installation of Chrome browser extensions via Active Directory Group Policies:

  1. Open the Group Policy Management console. Right click your domain and select Create and Link a GPO here.



  2. Name your new GPO; in this example it is called Chrome Enforced Policy.
  3. Right click your new GPO and select Edit. You should get a new window as shown below.

  4. Expand the Computer Configuration.
  5. Right click Administrative Templates.
  6. Click on Add/Remove Templates.

  7. Click Add.
  8. Point to the ADM or ADMX file from the Google Chrome templates archive you downloaded.  



  9. Click Open and then click Close.
    You should now see Google as an additional folder inside the Administrative Templates.
  10. Inside the Administrative Templates, expand Google\Google Chrome\Extensions.

  11. Click Configure the list of force-installed extensions.
  12. Click Enable.
  13. Click Show.
  14. Add the line of text below to the list of Extension/App IDs and update URLs to be silently installed.
    kjeghcllfecehndceplomkocgfbklffd;https://clients2.google.com/service/update2/crx




  15. Confirm all dialogs/buttons.
    This will install the Webroot EWTS extension for Chrome on any domain computer that this policy applies to.
Using Google Suite to Force Install a Single Custom App

Enforced installation of the Chrome extension for EWTS is supported on Google Suite managed environments. General directions for installing extensions and applications can be found in Google Help

To install the Chrome extension for the EWTS you will need to add a Custom App using the following steps.

To install the Chrome extension:

  1. Sign in to the Google Admin console.
  2. From the Admin console dashboard, click Device management.
  3. On the left, click Chrome management.
  4. Click App management.
  5. On the right, click the three dots to bring up the overflow menu.

  6. Select Add custom app.
  7. In the custom app dialog, enter the ID:
    kjeghcllfecehndceplomkocgfbklffd
  8. Enter the following URL:
    https://clients2.google.com/service/update2/crx
    for Webroot Filtering Extension.
  9. Click Add.

  10. From the App Management screen select the newly added extension identified by the ID.



  11. From the app options, select User Settings.

  12. Select the relevant Org you wish to install the Chrome extension for EWTS into and turn Allow installation and Force installation ON.



  13. Click Save.
    Users logging into Chrome using their credentials for the chosen Org will now receive the Webroot Filtering Extension in their Chrome browser. Please refer to the G Suite documentation from Google regarding Org structures and advanced options for managing applications.
    Note: At this time we do not support Webroot SecureAnywhere on Chromebooks. In order to avoid a poor experience for users running on these devices you will need to utilize policy control within G Suite, please refer to the G Suite help documentation for more information.
Using Registry

If using Active Directory or Google Suite are not suitable, using the Windows Registry might be an alternative to silently install the Chrome extension for the EWTS. Note that this option requires the computers to be part of a Microsoft Windows Domain.

Note: Using this method might conflict with Active Directory Group Policies or G Suite managed environments.

Details about available policy settings for Chrome can be found at:

http://dev.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist

Use the Windows Registry Editor (regedit.exe) to:

  1. Check whether the Registry key listed below exists.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
    Existence of this key may indicate that other management applications are enforcing Chrome policies, specifically forced installation of extensions, which can cause conflicts if below steps are continued.
  2. Add the following Registry value:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
    "1"="kjeghcllfecehndceplomkocgfbklffd;https://clients2.google.com/service/update2/crx"
    If you want to register additional extensions, please ensure continuous numbering.