By denying the SYSTEM user full control over that registry path, the SEP client (which runs under the SYSTEM account) cannot write the forced installation key back after a reboot. Some users have reported that this method successfully prevents reinstallation, though SEP may display a warning that “Browser Intrusion Prevention is malfunctioning” in the system tray icon.
Some SEP installations become corrupted or require a password that you do not know. In these situations, Broadcom provides a tool called , which is specifically designed to forcibly remove SEP client remnants. CleanWipe will uninstall the SEP client software along with the Chrome extension.
For administrators, the most effective way to remove the extension across a network is by modifying the Intrusion Prevention System (IPS) policy:
If you have local administrative rights and need to temporarily disable the entire SEP client (including the extension) for troubleshooting, use the SMC command : Press Win + R on your keyboard to open the dialog. Type smc -stop and click OK . disable symantec endpoint protection chrome extension
To disable the Symantec Endpoint Protection (SEP) Chrome extension, you can use the standard browser settings if it is unmanaged, or advanced administrative tools like the Symantec Endpoint Protection Manager (SEPM) or Windows Registry if it is locked by an organization. 1. Disable via Chrome Extension Settings (Unmanaged)
Wait for the client machines to check in ("heartbeat") to receive the updated policy.
Is the extension switch inside your Chrome settings? By denying the SYSTEM user full control over
Start:
Close Chrome completely (including background processes) and reopen it. Navigate again to chrome://extensions to confirm that the Symantec extension is gone. Restart your computer and check again to ensure that it does not return.
From a technical standpoint, the SEP client enforces the extension’s presence by writing a specific value into the Windows Registry. More precisely, when Browser Intrusion Prevention is enabled, the SEP client adds a registry key called ExtensionInstallForcelist at the following location: In these situations, Broadcom provides a tool called
If you are using Symantec Endpoint Protection on your – not a company‑managed device – you have more flexibility. In non‑managed environments, the SEP client is installed locally but is not receiving forced policy updates from a central server. This means you can modify the registry settings that control the extension without those settings being automatically overwritten.
Yes. If you only need to bypass the block for a specific legitimate website, you can create a Trusted Web Domain exception within the SEP policy instead of disabling the whole extension. This keeps your security intact while allowing access to specific sites. Ask your IT administrator to add the domain to the exceptions list in the SEP Manager.