How to Block browser extensions

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L1 Bithead

How to Block browser extensions

Hello,

 

Does anybody know if it is possible to block specific browser extensions from being downloaded?

I would like to block the searchencrypt browser extension.

 

Thanks

 


Accepted Solutions
Highlighted
L7 Applicator

Have you enabled SSL Decryption?  Since the Chrome Web Store runs over SSL, and if you're not using SSL Decryption, then your choice becomes permitting all extensions or blocking all extensions.  

 

However, if you focus on the traffic generated by the "searchencrypt" extension - that's something much easier to target without collatteral damage.  You're not necessarily stopping users from downloading the extension, but these options will prevent the extension from working.  

 

The easiest way would be to use the URL Filtering engine and block the "proxy-avoidance-and-anonymizers" URL category - that will stop the searchencrypt extension from working.  Two upsides to this method:  1.) it would block other/similar extensions which have been categorized as proxies by our URL filtering engine, and 2.) it can provide some visual feedback through the URL Response Pages.  The error page can be customized to your environment and provide additional information to the user receiving the message. 

 

Here's a screenshot after blocking that URL category:

 

searchencrypt.PNG

 

If you don't have the URL filtering subscription, I believe you can still create custom URL categories.  Add "searchencrypt.com" and "*.searchencrypt.com" to a custom URL category and deny access to that category.  

 

Another option if you don't have the URL filtering subscription:  create a custom AppID signature.  I configured one that looks for "searchencrypt.com" in the SSL Response Certificate context of the SSL decoder.  Here's a screenshot with most of the information you'd need to create the custom application signature:

 

searchencrypt2.PNG

 

And here's a screenshot from the traffic log showing it blocking based on the custom AppID signature:

 

appid-searchencrypt.PNG

View solution in original post


All Replies
Highlighted
L7 Applicator

Have you enabled SSL Decryption?  Since the Chrome Web Store runs over SSL, and if you're not using SSL Decryption, then your choice becomes permitting all extensions or blocking all extensions.  

 

However, if you focus on the traffic generated by the "searchencrypt" extension - that's something much easier to target without collatteral damage.  You're not necessarily stopping users from downloading the extension, but these options will prevent the extension from working.  

 

The easiest way would be to use the URL Filtering engine and block the "proxy-avoidance-and-anonymizers" URL category - that will stop the searchencrypt extension from working.  Two upsides to this method:  1.) it would block other/similar extensions which have been categorized as proxies by our URL filtering engine, and 2.) it can provide some visual feedback through the URL Response Pages.  The error page can be customized to your environment and provide additional information to the user receiving the message. 

 

Here's a screenshot after blocking that URL category:

 

searchencrypt.PNG

 

If you don't have the URL filtering subscription, I believe you can still create custom URL categories.  Add "searchencrypt.com" and "*.searchencrypt.com" to a custom URL category and deny access to that category.  

 

Another option if you don't have the URL filtering subscription:  create a custom AppID signature.  I configured one that looks for "searchencrypt.com" in the SSL Response Certificate context of the SSL decoder.  Here's a screenshot with most of the information you'd need to create the custom application signature:

 

searchencrypt2.PNG

 

And here's a screenshot from the traffic log showing it blocking based on the custom AppID signature:

 

appid-searchencrypt.PNG

View solution in original post

Highlighted
L1 Bithead

@jvalentinethanks for your help.

I will try with blocking the url. If that does not work, I will use the other 2 suggestions you explained. :)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!