Serious Discussion Whitelisting extensions in Edge

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Forum Veteran
Dec 23, 2014
10,018
1
65,909
8,398
65
Poland
Whitelisting extensions in Edge

Malicious extensions are pretty popular in the wild. Here are some examples of their malicious activities:
  1. Bypassing two-factor authentication.
  2. Sending the victim’s correspondence to the hackers’ C2 server.
  3. Stealing cryptocurrency.
  4. Spoofing search results with ADs.
  5. Hijacking accounts in games and social networks.
www.kaspersky.com

Malicious browser extensions in 2023

Stealing cryptocurrency, hijacking accounts in games and social networks, manipulating search results, and other dirty tricks of malicious browser extensions in 2023.
www.kaspersky.com www.kaspersky.com

Whitelisting extensions in the web browser prevents installing malicious (unwanted) extensions by casual users or by malware running outside the web browser.
It can be done by applying Edge Policies ("BlockExternalExtensions, ExtensionInstallAllowlist, ExtensionInstallBlocklist)

Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BlockExternalExtensions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist]
"1"="cnlefmmeadmemmdciolhbnfeacpdfbkd"
"2"="ghbmnnjooekpmoecnnnilnnbdlolhkhi"
"3"="jbkfoedolllekgbhcbcoahefnbanhhlh"
"4"="pdffkfellgipmhklpdmokmckkkfcopbh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist]
"1"="*"

The ExtensionInstallAllowlist contains the IDs of whitelisted extensions (others are blocked). For example, the ID "pdffkfellgipmhklpdmokmckkkfcopbh" is related to AdGuard AdBlocker, which can be identified on the microsoftedge.microsoft.com:
https://microsoftedge.microsoft.com/addons/detail/adguard-adblocker/pdffkfellgipmhklpdmokmckkkfcopbh

The extension IDs can also be found in the folder:
%LocalAppData%\Microsoft\Edge\User Data\Default\Extensions\
%LocalAppData%\Microsoft\Edge\User Data\Profile 1\Extensions\
%LocalAppData%\Microsoft\Edge\User Data\Profile 2\Extensions\

To view the policies, open Microsoft Edge and enter edge://policy in the address bar.

1751206424499.png



Here is an example of blocked installation:

1751207558813.png
 
  • +Reputation
  • Like
Reactions: rashmi, simmerskool, silversurfer and 3 others
Thanks for sharing this comprehensive guide on whitelisting extensions in Edge. This is a great way to enhance browser security and prevent the installation of potentially harmful extensions. Remember to only whitelist trusted extensions to maintain optimal security.
 
Parkinsond said:
Currently I am practising extensionless browsing; it is more safe, but may not suit everyone.
Click to expand...

However, it is not the same. With extensionless browsing, the extensions can still be installed by a casual user or silently by malware. When extensions are whitelisted, new extensions cannot be installed.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: simmerskool, rashmi, Gandalf_The_Grey and 2 others
Parkinsond said:
Can be applied to browsers other than Edge?
Click to expand...

For Google Chrome:
chromeenterprise.google

Chrome Enterprise Policy List & Management | Documentation

Chrome Enterprise policies for businesses and organizations to manage Chrome Browser and ChromeOS.
chromeenterprise.google chromeenterprise.google

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"BlockExternalExtensions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist]
"1"="kbfnbcaeplbcioakkpcpgfkobkghlhen"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlocklist]
"1"="*"
Click to expand...

Whitelisted Grammarly extension:
https://chromewebstore.google.com/detail/grammarly-ai-writing-and/kbfnbcaeplbcioakkpcpgfkobkghlhen

1751215562442.png
 
Last edited:
  • +Reputation
  • Like
  • Thanks
Reactions: rashmi, simmerskool, oldschool and 2 others
I recently looked into using group policy (AMDX template) to allow/block extensions in Edge and Chrome on kids' Windows 11 Pro systems. I didn't check all the policies, so I'll ask here. Is it possible to prevent users from disabling extensions using group policy?
 
  • Like
Reactions: Andy Ful and simmerskool
rashmi said:
I recently looked into using group policy (AMDX template) to allow/block extensions in Edge and Chrome on kids' Windows 11 Pro systems. I didn't check all the policies, so I'll ask here. Is it possible to prevent users from disabling extensions using group policy?
Click to expand...

Yes. Here is an example (AdGuard AdBlocker extension from Microsoft Store):

Code: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist]
"1"="pdffkfellgipmhklpdmokmckkkfcopbh"


1751227596999.png
 
Last edited:
  • +Reputation
  • Thanks
Reactions: rashmi, simmerskool and Parkinsond
I tested the extension blocklist and allowlist policies, including for the InPrivate window. Everything worked well; you cannot disable, uninstall, or install extensions. I plan to configure the policies on our kids' systems along with disabling the Developer and Guest modes. @Andy Ful, I believe the policies will not affect the extension updates, right?
 
  • Like
Reactions: Andy Ful
I just add this to my Chrome shortcut and it works fine
--disable-features=ExtensionManifestV2Unsupported,ExtensionManifestV2Disabled
 
@Sammo,

Your posts are unrelated to this thread. Whitelisting means that you first block all extensions and then allow only a few that you need.
Your posts would be interesting in another thread.:)(y)
 
  • Like
Reactions: Sammo

You may also like...