You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

07: How do I allow a Chrome extension blocked by SecureRun to be installed?

When SecureRun is enabled, it may block some Chrome Extensions from installing. Two examples of this are Adobe Acrobat and Power Automate Desktop.

The commands that are run to install these extensions are as follows:

C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://njjljiblognghfjfpcdpdbpbfcmhgafg/ --parent-window=0 < \\.\pipe\LOCAL\edge.nativeMessaging.in.8c9048e3136bfe0b > \\.\pipe\LOCAL\edge.nativeMessaging.out.8c9048e3136bfe0b

C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.602ecca2de172262 > \\.\pipe\chrome.nativeMessaging.out.602ecca2de172262

To allow the extensions to be installed, create a “New Executable Policy” for each extension that is being blocked. This can be done on either the Computer or User side, depending on who is a member of the OU.

Create a Combo Rule

Select “Path”, “Command-line arguments” and “Apply to child processes”.

Under Path Condition, add file %SYSTEMROOT%\System32\cmd.exe.

Under Command-line Arguments, select “Strict equality”; check “Ignore arguments case”; under Arguments, we are going to take the first part of the installation command, after cmd.exe, and replace the last part with asterisks.

/d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://*/*

/d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://*/*

Set action as “Allow and Log”

Rename, set ILT if required and Finish

  • 1166
  • 11-Nov-2021
  • 721 Views