DNS & Web Filtering Q&A
DefensX extension is blocking a site even though it is set to allow and there is a custom URL group allowing access.
Some websites can create false positives with ad blocker rules. For this reason, every Adblocker has a feature to bypass for a website.
It is possible to left-click on the DefensX extension icon, disable the Adblocker (image 1), and click the refresh icon on that page (image 2)
What is the extension id values used in DefensX?
DefensX browser extensions have different Extension ID values depending on the browser and whether the computer is in a managed or unmanaged state. Below is a detailed breakdown of how extension updates work based on the system’s management status.
Chromium-Based Browsers (Google Chrome, Microsoft Edge, Brave, etc.):
Chromium-based browsers enforce the following update rules:
-
Unmanaged Computers → Extensions can be updated directly from the public marketplace (Chrome Web Store or Edge Add-ons Store).
-
Managed Computers → Extensions can also be updated from third-party CDNs that implement the Chromium extension update APIs.
How Managed Status is Determined:
-
Windows: The computer is considered managed if it is joined to an Active Directory domain or enrolled in Azure AD (must be in device-join state, not workplace-join).
-
Mac: The system is considered managed if it is enrolled in an MDM solution.
Mozilla Firefox:
Unlike Chromium-based browsers, Firefox does not differentiate between managed and unmanaged computers.
Therefore, DefensX always distributes its Firefox extension updates via its own CDN instead of a public marketplace.
DefensX Extension ID List
Browser |
Mode |
Extension ID |
Microsoft Edge |
Managed |
|
Microsoft Edge |
Unmanaged |
|
Google Chrome & Other Chromium-Based Browsers |
Managed |
|
Google Chrome & Other Chromium-Based Browsers |
Unmanaged |
|
Mozilla Firefox |
All Cases |
GPO Configuration for Extension Whitelisting
If you are enforcing a browser extension whitelist policy via Group Policy (GPO), it is recommended to allow both managed and unmanaged extension IDs to ensure seamless updates and compatibility.
Enforcing Extensions via GPO
If you are already distributing browser extensions through GPO (in addition to DefensX), policy updates overwrite the existing list of force-installed extensions. The DefensX Agent automatically detects this situation and re-applies the required policies. However, depending on timing, this may temporarily remove the DefensX extension and trigger a fresh installation.
Although the browser reinstalls the extension automatically, it is treated as a new installation. As a result, previously granted permissions (such as allowing the extension to run in Incognito mode) may be reset.
Recommended Solution
To prevent this behavior, you should add the DefensX extension ID to the same GPO object used to distribute other browser extensions.
Example Configuration
Suppose you are already deploying the Microsoft SSO extension from the Chrome Web Store (extension ID: ppnbnpeolgkicgegkbkbjmhlideopiji) and want to include the DefensX extension.
Follow these steps:
-
Edit the GPO where your existing extensions are configured.
-
Navigate to Computer Configuration → Policies → Administrative Templates → Google → Google Chrome → Extensions
-
Right-click on the Configure the list of force-installed apps and extensions and select Edit.
-
Click Show.
-
Add the following entry:
kdgfdpfnfmmedmkakcfckhblalhincph;https://cloud.defensx.com/extensions/check -
Click OK and apply the changes.
You can apply the similar approach for Microsoft Edge using the corresponding extension ID.
Required Configuration Entries for GPO:
Browser |
Configuration Line |
Microsoft Edge |
|
Chrome and other Chromium based |
|