Deploying ConcealBrowse through the MSI Deploying ConcealBrowse through the MSI

Deploying ConcealBrowse through the MSI

Description

This guide outlines usage and troubleshooting for the ConcealBrowse MSI installer. Using the MSI for deployment results in automatic device registration to the conceal.io platform. 

Getting Started

Download the latest release of the MSI below. The installer will automatically install to Chrome, Edge, Brave, and Firefox unless you configure otherwise.

Customized Installer for your tenant (Recommended)

Customized installers for your tenant can be found in the Conceal dashboard at https://dashboard.conceal.io/ by clicking Download Extension. You can reference Download the Conceal MSI from the dashboard for more details.

Non-customized Installers

 

Before You Begin

If you are using ThreatLocker, please review our Possible ThreatLocker effects when deploying ConcealBrowse article before starting deployment.

If you are using cloned machines, verify these machines have been properly sysprepped before deploying Conceal to avoid deployment issues. ConcealBrowse should be installed after the new clone is created in all cases. 

If you are using a non-customized installer, gather the CompanyID and SiteID required for the extension to authenticate during deployment. Log into the Conceal dashboard. Click Download Extension at the top right, and scroll down to find Company ID and Site ID.

Usage

The MSI can either be ran as a stand alone UI application, or it can be executed using management tools such as msiexec.

When executing via the UI the only configuration options available is to set the SITEID and COMPANYID. If those values are not configured then the installer will output an error COMPANYID and SITEID must be set.

When executing via the command-line there are several more potential flags that can be configured. The exhaustive list is as follows

  • COMPANYID - (REQUIRED) The company UUID to register the extension with - Navigating the Devices section of the ConcealBrowse dashboard

  • SITEID - (REQUIRED) The site UUID to register the extension with - Navigating the Devices section of the ConcealBrowse dashboard

  • OVERRIDE_UPDATE_URL - Specifies where Chrome should download the ConcealBrowse extension. Defaults to https://clients2.google.com/service/update2/crx

  • INSTALLATION_MODE - Controls if and how extensions that you specify are added to Chrome Browser. You can set the installation mode to:

    • force_installed - (Default, suggested) Automatically install the extension without user interaction. Users can't remove it 
    • normal_installed -Automatically install the extension without user interaction. Users can disable it
  • TOOLBAR_PIN - Controls if the extension icon is pinned to the toolbar. You can set the value to:

    • force_pinned - (Default - Suggested)The extension icon is pinned to the toolbar and visible at all times. The user can't hide it in the extension menu.
    • default_unpinned - The extension starts hidden in the extension menu, and the user can pin it to the toolbar.
  • ADDLOCAL - Specifies what features will be installed. The Base feature is what actually installs the helper executable and sets it’s config files. Then Chrome and Edge sets the registry keys required to install for those specific browsers.

    • Base - Optional if you'd like to limit the browsers that Conceal will be installed on. By default without this command, Conceal will be installed to all supported browsers. 
      Ex: ‘ADDLOCAL=Base,Chrome,Edge’
    • Chrome - installs Conceal Browse for Chrome
    • Edge - installs Conceal Browse for Edge
    • Firefox - installs Conceal Browse for Firefox
    • Brave - installs Conceal Browse for Brave
  • REMOVE - Optionally removes a feature that has been installed
      • Chrome - removes Conceal Browse from Chrome
      • Edge - removes Conceal Browse from Edge
      • Brave - removes Conceal Browse from Brave
      • Firefox - removes Conceal Browse for Firefox
      • ALL - removes Conceal Browse from all browsers and deletes installation files

Example msiexec usage

The installation can be executed using msiexec with the following arguments:

  • Basic installation
    msiexec /i ConcealBrowse_Installer_x64.msi
  • Custom installation
    msiexec /i ConcealInstaller.Windows_x64.msi OVERRIDE_UPDATE_URL="<YOUR UPDATE URL>" INSTALLATION_MODE="<INSTALLATION MODE OPTION>" TOOLBAR_PIN="<TOOLBAR PIN OPTION>"
  • Install silently without the UI (must be run in an administrative context)
    msiexec /i ConcealInstaller.Windows_x64.msi /qn

Modifying the extension

The extension can be modified using msiexec

Example setting the toolbar pinned state to default_unpinned

msiexec /i ConcealInstaller.Windows_x64.msi TOOLBAR_PIN="default_unpinned" REINSTALL=ALL REINSTALLMODE=omus /L*v "C:\Windows\Temp\ConcealHelper-modify.log"


Removing the extension

The extension can be removed either by uninstalling the ConcealHelper application via the Programs and Features menu and selecting Uninstall, or by usingmsiexec.

Once you uninstall ConcealBrowse from a device, the device will not automatically be deleted from the dashboard. You must go into the Conceal dashboard and delete the associated profiles with that device.

msiexec /x ConcealInstaller.Windows_x64.msi /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"
msiexec /i ConcealInstaller.Windows_x64.msi REMOVE=ALL /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"

If you would like to only remove specific features you can achieve this with msiexec

msiexec /i ConcealInstaller.Windows_x64.msi REMOVE=Brave /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"

**IMPORTANT** - If a user wants to manually reinstall ConcealBrowse in the future after uninstalling, they are forced into reinstalling using the MSI. They will not be able to reinstall directly using the Firefox add-ons store.

Since Firefox does not support uninstalling an installation the same way as other browsers, we are forced to leave behind a registry key. This registry key tells Firefox that if ConcealBrowse is installed to then uninstall it, however it also blocks future installation of the extension from the add-ons store. So in the future if the user uninstalled ConcealBrowse, and then tried to install it directly from the Firefox add-ons store, then it will be blocked from installing.

The registry key left behind is:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal .io\installation_mode=blocked

Output

Upon successful installation the following registry keys and files should be created. Upon successful removal the keys and files should all be deleted.

Files

  • C:\ProgramData\Conceal\conceal-helper\conceal-helper.conf
  • C:\ProgramData\Conceal\conceal-helper\conceal-helper.exe
  • C:\ProgramData\Conceal\conceal-helper\conceal-helper-manifest.json
  • C:\ProgramData\Conceal\conceal-helper\conceal-helper-firefox-manifest.json

Registry keys Chrome

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\installation_mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\toolbar_pin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\update_url

Registry keys Edge

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\installation_mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\toolbar_state
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\update_url
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\override_update_url

Registry keys Firefox

  • HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\io.conceal.helper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\install_url
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\installation_mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\default_area

Registry keys Brave

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\installation_mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\toolbar_pin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\update_url

Troubleshooting

If you are experiencing difficulties with the installer try enabling logging to see the full installation output

  • Log the install process
    msiexec /i ConcealInstaller.Windows_x64.msi COMPANYID="<YOUR COMPANY ID>" SITEID="<YOUR SITE ID>" /L*v "C:\Windows\Temp\ConcealHelper-install.log"
  • Log the uninstall process
    msiexec /x ConcealInstaller.Windows_x64.msi /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.