Loading...

Knowledge Center


Endpoint Security Web Control browser extensions must be enabled by the end user
Technical Articles ID:   KB87568
Last Modified:  3/23/2018
Rated:


Environment

McAfee Endpoint Security (ENS) Web Control 10.x

Google Chrome
Microsoft Internet Explorer (IE)
Mozilla Firefox

Summary

ENS Web Control works with IE, Chrome, and Firefox as a browser extension or add-on. All of these browsers require you to manually activate the ENS Web Control extensions before you can use Web Control.

Each browser has different behaviors and steps associated with activating the ENS Web Control extensions after ENS Web Control is installed on the local system.

IMPORTANT: If enabled, the ENS option to Prevent users from uninstalling or disabling browser plugins prevents end users from disabling the ENS Web Control extensions only in IE. The hardening policy does not prevent end users from disabling ENS Web Control in Chrome or Firefox.
 
Enable ENS Web Control in IE:
In IE, a prompt displays at the bottom of the browser screen asking the end user to enable the ENS Web Control Browser Helper Object (BHO) and ENS Web Control toolbar. ENS Web Control will not function in IE if the ENS Web Control BHO and toolbar are not enabled.

If an end user disables the ENS Web Control add-ons in IE, the add-ons cannot be re-enabled with ePolicy Orchestrator (ePO) and the McAfee Agent; the end user must re-enable them locally. If enabled, the ENS self protection policy will keep end users from disabling the add-ons.
 
IE also allows for the ENS Web Control extensions to be force-enabled through Active Directory. For details, see https://technet.microsoft.com/en-us/library/cc985341.aspx and https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy. The CLSID for the ENS Web Control BHO is {B164E929-A1B6-4A06-B104-2CD0E90A88FF}, and the CLSID for the ENS Web Control toolbar is {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}.
 
Enable ENS Web Control in Chrome:
In Chrome, the menu icon is highlighted and a pop-up window opens with a message stating a new extension has been installed and is ready for use. ENS Web Control will not function in Chrome until the extension is enabled.

If an end user deletes the ENS Web Control extension in Chrome, you cannot restore the extension through ePO. An uninstall and reinstall of ENS Web Control will not add the ENS Web Control extension back in Chrome. To make the ENS Web Control extension available in Chrome again, you must either delete the Chrome user profile that deleted the ENS Web Control extension or reinstall Chrome on the system.
 
Chrome also allows for the ENS Web Control extension to be force-enabled through Active Directory. For details, see https://support.google.com/chrome/a/answer/187202?hl=en. The APPID for ENS Web Control is jjkchpdmjjdmalgembblgafllbpcjlei, and the location at which the extension is hosted is: https://clients2.google.com/service/update2/crx. APPIDs are case-sensitive.

When you add the ENS Web Control extension to force install in group policy, you need to remove the SiteAdvisor Enterprise extension from being force installed. Otherwise, there will be two icons in Chrome. The SiteAdvisor Enterprise icon does not function because the SiteAdvisor Enterprise service is not running. The SiteAdvisor Enterprise extension interferes with the ENS Web Control extension, and it causes navigation issues from ENS Web Control enforcement messages.

Enable ENS Web Control in Firefox: 
In Firefox, a prompt displays asking the end user to enable the ENS Web Control extension upon opening Firefox after the ENS Web Control installation. The ENS Web Control service will enable the ENS Web Control browser extension automatically in Firefox five minutes after installation if the end user has not already opened Firefox. Every 30 minutes, the ENS Web Control service checks the status of the ENS Web Control extension in Firefox and enables the extension if it has been disabled by the end user. A browser restart is required to enable the ENS Web Control browser extension in Firefox.

Mozilla is investigating Active Directory integration. Currently you cannot manage Firefox through Active Directory to force-enable the ENS Web Control extension and keep end users from disabling the extension.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.