What mechanism is forcing Webroot Extension to forceinstall?

  • 18 September 2020
  • 2 replies


We are having major problems with Webroot WebThreat extension and have decided to no longer use it.


I created a test group to go through the remove process. The group policy has WebThreat turned off.

All devices in the group have the Webroot client saying the Web Threat shield is turned off. Annoying the client is saying a warning that it is disabled.

I reboot a device, and the extension is still installed.

I uninstall webroot, and the extension is still there.

I run the following script I made:


sudo /usr/libexec/PlistBuddy -c 'Delete :ExtensionInstallForcelist' /Library/Managed\ Preferences/com.google.Chrome.plist
sudo /usr/libexec/PlistBuddy -c 'Delete :ExtensionInstallForcelist' /Library/Managed\ Preferences/*/com.google.Chrome.plist

sudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist array' /Library/Managed\ Preferences/com.google.Chrome.plist
sudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist:0 string kjeghcllfecehndceplomkocgfbklffd' /Library/Managed\ Preferences/com.google.Chrome.plist

sudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist array' /Library/Managed\ Preferences/*/com.google.Chrome.plist
sudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist:0 string kjeghcllfecehndceplomkocgfbklffd' /Library/Managed\ Preferences/*/com.google.Chrome.plist

sudo rm -rf /Users/*/Library/Application\ Support/Google/Chrome/Profile\ */Extensions/kjeghcllfecehndceplomkocgfbklffd


And the extension is removed, and after a few seconds, it gets installed back. This behavior occurs whether webroot is installed or not.


Does everyone have an idea of what Webroot is using to install the Web Threat Shield? Any ideas would be helpful. 

This topic has been closed for comments

2 replies


Also, we are removing Webroot Web Threat because of performance issues and the new bug that asked users to enter a key-code to activate Webroot Web Threat Shield extension for new installations even though the client is activated.


I do have another concern. After reboot, the plist of our test devices gets overwritten. We have student devices that have Chrome extension blocklist because there is some vpn extension that allow students to bypass content filtering. With this new verison, or whatever is casuing the new behavior, are you saying you are overwriting our security policies that prevent students from installing these VPN extensions, which is putting us in a bad position as we may be fined by FCC  for not controlling access to the internet?

Too bad we renewed our Webroot this summer. If anyone can assist in answering any questions that would be great.