FortiClient
btan
Staff & Editor
Article Id 341383
Description This article describes how to verify whether the FortiClient Web Filter Browser Extension is force-installed by FortiClient or by a third party.
Scope

FortiClient v7.0, v7.2 and above. Applies when 'Enable Web Browser Plugin for Web Filtering' is already DISABLED in the FortiClient EMS Endpoint profile, but the FortiClient Web Filter Browser Extension still remains installed on endpoints.

 


Solution
  1. Open Registry Editor and navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome.
  2. Select Chrome and, on the right side, look for the ExtensionSettings key.
  3. If the Web Filter extension is force-installed (this can be via EMS or GPO), it will have a value similar to the following:


{"mbdegapampkgaclohepfibppdhongjgh":{"installation_mode":"force_installed","update_url":"https://clients2.google.com/service/update2/crx"}}

 


 

 

  4. Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge.
  5. For Edge, the ExtensionSettings key will have a value similar to the following:


{"ckhgbbanigpkebahlfehgaegmepacdeo":{"installation_mode":"force_installed","update_url":"https://edge.microsoft.com/extensionwebstorebase/v1/crx"}}

 

  6. If the above registry entries exist, the WF extension may be force-installed by GPO. Open a Windows Command Prompt and run the following command:


GPRESULT /Z >"%USERPROFILE%\Desktop\rsop.txt"

 

  7. Open rsop.txt on the Desktop to identify any GPO being pushed that may result in this force installation.
  8. If no GPO is detected (example below), check any other third-party endpoint management tool, for example Intune, and look for the following extension IDs in its configuration:

mbdegapampkgaclohepfibppdhongjgh --> Chrome
ckhgbbanigpkebahlfehgaegmepacdeo --> Edge

 

  9. If this extension ID appears anywhere in the third-party tool, proceed to remove or disable it.

 

rsop1.PNG
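
The Chrome and Edge registry checks above can be run in one pass with PowerShell. This is an added example, not part of the original article or a Fortinet tool; the function name Get-WebFilterExtensionPolicy is hypothetical, and it assumes ExtensionSettings is stored as a JSON string value as shown in the article.

```powershell
# Added example: reads the two policy values this article inspects by hand.
# Registry paths and extension IDs are the ones given in the article.
$Targets = @(
    @{ Browser = 'Chrome'; Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
       Id = 'mbdegapampkgaclohepfibppdhongjgh' },
    @{ Browser = 'Edge'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
       Id = 'ckhgbbanigpkebahlfehgaegmepacdeo' }
)

# Hypothetical helper name; returns one result object per browser.
function Get-WebFilterExtensionPolicy {
    param([Parameter(Mandatory)][hashtable[]]$Target)
    foreach ($t in $Target) {
        $row = [ordered]@{ Browser = $t.Browser; ExtensionId = $t.Id
                           InstallationMode = $null; UpdateUrl = $null; Finding = $null }
        # A missing key and a missing value both leave $raw empty.
        $raw = (Get-ItemProperty -Path $t.Path -Name 'ExtensionSettings' `
                    -ErrorAction SilentlyContinue).ExtensionSettings
        if (-not $raw) {
            $row.Finding = 'No ExtensionSettings policy value'
        } else {
            try {
                # Assumption: the value is a JSON string, as in the article.
                $settings = (@($raw) -join '') | ConvertFrom-Json -ErrorAction Stop
                $entry = $settings.PSObject.Properties[$t.Id]
                if ($null -eq $entry) {
                    $row.Finding = 'Policy present, Web Filter ID not listed'
                } else {
                    $row.InstallationMode = $entry.Value.installation_mode
                    $row.UpdateUrl = $entry.Value.update_url
                    $row.Finding = if ($entry.Value.installation_mode -eq 'force_installed') {
                        'Force-installed by policy: identify the source (EMS, GPO, Intune)'
                    } else {
                        'Listed, but not force_installed'
                    }
                }
            } catch {
                $row.Finding = 'ExtensionSettings is not valid JSON'
            }
        }
        [pscustomobject]$row
    }
}

Get-WebFilterExtensionPolicy -Target $Targets | Format-List
```

A 'Force-installed by policy' finding only confirms that the policy is present; the GPRESULT and third-party tool checks above are still needed to identify which system is writing it.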
