Chrome Browser Extension
Description
This document describes the installation, deployment and usage of Votiro's Chrome browser extension.
The browser extension can be:
|
n |
downloaded and installed in the Microsoft Edge browser. |
|
n |
downloaded and installed in the Cyberark Secure Browser. |
The user's manual is described at Chrome Extension User's Manual.
Limitations
|
n |
The Chrome browser extension does not work with Microsoft 365 webmail. |
|
n |
The Chrome browser extension does not support the Chrome browser option to enable the user to indicate where to save each file before downloading. You must disable this option as follows: |
|
a. |
In the Chrome browser, navigate to Settings > Downloads. |
|
b. |
Disable Ask where to save each file before downloading. |
Centralized Deployment using GPO (Group Policy Object)
To deploy Votiro's Chrome extension using GPO, the domain admin must implement the following steps:
|
1. |
Update the domain controller group policy with Google's Chrome extension. |
|
2. |
Central installation of the extension from the Google web store to users. |
|
3. |
Central configuration of the extension’s parameters in the Registry (for Windows, this depends on the operating system). |
While this document refers to GPO steps explicitly, the deployment can be done by most standard tools for domain policy management (such as Microsoft Configuration Manager (formerly System Center Configuration Manager (SCCM)), PolicyPak and others).
Centralized Deployment Procedure
|
1. |
Add Chrome Policy Templates |
|
a. |
On your domain controller, navigate to the URL Chrome browser for Windows, and download the correct 32 or 64 bit zip bundle. Extract the Google Chrome bundle to your desired location, for example: C:\temp |
|
b. |
Navigate to the directory in which you extracted the Google Chrome Bundle and copy to the directory C:\Windows\PolicyDefinitions the chrome.admx file located in the appropriate directory below: |
|
|
for the 64 bit bundle: \GoogleChromeEnterpriseBundle64\Configuration\admx
|
|
|
for the 32 bit bundle: \GoogleChromeEnterpriseBundle\Configuration\admx
|
|
c. |
Navigate to the directory in which you extracted the Google Chrome Bundle and copy to the directory C:\Windows\PolicyDefinitions\en-US the chrome.adml file located in the appropriate directory below: |
|
|
for the 64-bit bundle: \GoogleChromeEnterpriseBundle64\Configuration\admx\en-US
|
|
|
for the 32-bit bundle: \GoogleChromeEnterpriseBundle\Configuration\admx\en-US
|
Note: If a language other than en-US is desired, navigate to the appropriate language directory within the admx directory, for example, for Spanish: es-ES, and copy to the appropriate language directory within C:\Windows\PolicyDefinitions.
|
2. |
Create a Group Policy setting to deploy the Chrome extension |
|
a. |
Right-click Group Policy Objects, then select New to create a new GPO. |
|
b. |
Enter a Name for the new GPO , then click OK. |
|
c. |
Right-click the GPO, and select Edit. |
|
d. |
To force-install extensions, go to User Configuration\Administrative Templates\Google\ Google Chrome\Extensions. Go to the setting Configure the list of force-installed apps and extensions and double click it. |
|
e. |
Select the Enabled radio button. |
|
f. |
Click the Show button. |
|
g. |
In the Show Contents window, enter following string (this string points to our extension in the Google web store) in the Value field: |
jopliknbfkemjbgkoepoejcchliipoie;https://clients2.google.com/service/update2/crx
|
3. |
Import xml to the group policy (to update the registry) |
|
b. |
Open the file for editing and update to match the relevant customer, as following: |
|
|
hostname – The cluster you work with (i.e., qa.sg.paralus.votiro.com). |
|
|
isAudit – When the value is: |
|
|
true (1) - files are not sanitized, but still appear on our Incidents page. |
|
|
false (0) - files are sanitized. |
|
|
isFailOpen – Fail open/close. Fail open is 0 and fail close is 1. |
|
|
votiroPolicyName – The policy that should be used in the server. |
|
|
token – The service token for the relevant client (should be taken from the UI) |
|
c. |
Save the file and close it. |
|
d. |
Right-click the xml file in File Explorer and copy it to the Windows clipboard. |
|
e. |
In the Group Policy Editor, navigate to Computer Configuration > Preferences > Windows Settings > Registry. |
|
f. |
Right-click the white pane on the right. In the context menu, select Paste (or press CTRL+V if you don’t see the paste menu). |
|
g. |
The Confirm Import window opens. Click Yes. |
|
h. |
The GPO is created. Now you need to link it according to the organization’s policy. Locate the OU or Domain you want to apply the GPO to, then right-click it and select Link an Existing GPO.... Then select your GPO from the list, and click OK. |
Note: The policy contains both user configurations and computer configurations, so make sure the policy is applied on both computers and users.
|
4. |
Verify the Browser Extension Deployment |
|
a. |
Open the Chrome browser. The Votiro Chrome connector icon will be displayed. |
If the Votiro Chrome connector icon appears as above, each downloaded file will be sanitized by Votiro.
|
b. |
If there was a problem, the Votiro Chrome connector icon will be displayed as off: |
Manual Deployment
|
1. |
Install the extension from Google chrome web store |
|
b. |
Click on Add to Chrome. A confirmation window opens: |
|
c. |
Click on Add extension. |
|
2. |
Configure the Browser Extension |
|
a. |
The Chrome connector icon will be displayed with the off icon. |
|
b. |
Click on the “Settings” icon: |
|
c. |
Copy and paste the Hostname and Token from the Votiro Management console as in the above example. |
|
e. |
After saving, the Chrome connector extension will be activated. The Chrome connector icon will not be displayed with the off icon. |
If the Votiro Chrome connector icon appears as above, each downloaded file will be sanitized by Votiro.
Download and Install in Microsoft Edge Browser
To deploy the Browser plugin in the Microsoft Edge browser:
|
2. |
Click the Get extension or Get button to install. |
|
3. |
Click the Allow button. |
|
4. |
Click the Add extension button. The Votiro Browser Plugin is installed. |
Download and Install in Cyberark Secure Browser
To deploy the Browser plugin in the Cyberark Secure Browser:
|
1. |
Deploy the Browser plugin to Chrome using the appropriate deployment procedure (centralized or manual). |
|
2. |
Open and authenticate to the Cyberark Secure Browser. |
|
3. |
Navigate to the CyberArk User Portal and add the Votiro Browser plugin to the Applications. |
|
t |
Enter the Hostname for the cluster you work with. |
|
t |
Enter the Token generated using the procedure described in Service Tokens. |
|
4. |
After the plugin is successfully installed and configured, you can test file downloads. You can see threat detection history by clicking Votiro’s plugin. |
Post-Deployment Actions
Enable Downloads
In the Chrome browser:
|
1. |
Navigate to Extensions > Manage Extensions, or enter chrome://extensions in the address box. |
|
2. |
Navigate to Votiro Plugin Details in Manage extensions. |
|
3. |
Scroll down, and enable the following: |
|
t |
Check Allow access to file URLs. |
|
t |
Check Allow in Incognito. |
Note:
When deploying the browser plugin, each end user will need to enable these options to be able to download files while using the Browser plugin. Because it may disrupt the workflow, this should be taken into account by the organization.
Limitations in Incognito
|
n |
The end user will be prompted to enable this option. |
|
n |
If the end user does not enable the option, files will not be downloaded. In this case, the end user can browse through Incognito and then will be able to download files. |
|
n |
A prompt cannot be issued from the Incognito window. |
|
n |
Because of Chrome's strict policy, there is no way to force the app on Incognito without the user's express permission. |
Chrome Extension User's Manual
The following features characterize the Votiro Chrome Connector extension:
|
t |
If Allow access to file URLs is disabled in the Votiro Chrome Connector extension: |
|
i. |
The Votiro plugin prompts a user with a pop-up window to enable this option: |
|
ii. |
Click on Votiro Plugin Details ->. The user is led to Votiro Browser Plugin > Manage Extensions. |
|
iii. |
Toggle the switch to ensure that Allow access to file URLs is enabled. |
|
t |
When downloading a file, a Votiro popup will display in the bottom right of the screen: |
|
t |
After download is complete, there will be an indication that the file was downloaded: |
|
t |
To view downloaded files, click on the Votiro extension icon. Downloaded files will be displayed. The following information will be displayed: |
|
|
Sanitization result icon - Sanitized/Blocked |
The following examples illustrate:
|
|
Example 1: No threats found |
|
|
Example 2: Threats found |
|
t |
If there is an error while downloading a file, a popup window will display: |
|
t |
In this case, please try again. If the problem still occurs, contact Votiro support. |
The following screens illustrate the behavior of the Chrome Connector extension in Votiro's management screens:
|
t |
Dashboard Monitor screen |
|
|
There is an option to view and filter incidents from the Browser extension. |
Q&A
Q: If we deploy the Browser plugin widely using GPO, can we prevent users from disabling the Browser Plugin?
A: A customer that uses GPO can control whether users can access/remove/add browser extensions.
Q: When the Browser plugin is deployed, how can we prevent DO_NOT_OPEN_ from being appended to the beginning of the downloaded file names?
A: In the Chrome browser,
|
a. |
Navigate to Extensions > Manage Extensions, or enter chrome://extensions in the address box. |
|
b. |
Select the Votiro extension. |
|
c. |
Check Allow access to file URLs.
|
Comments
0 comments
Please sign in to leave a comment.