Description
This guide outlines usage and troubleshooting for the ConcealBrowse MSI installer. Using the MSI for deployment results in automatic device registration to the conceal.io platform.
Getting Started
Download the latest release of the MSI below. The installer will automatically install to Chrome, Edge, Brave, and Firefox unless you configure otherwise.
Customized Installer for your tenant (Recommended)
Customized installers for your tenant can be found in the Conceal dashboard at https://dashboard.conceal.io/ by clicking Download Extension. You can reference Download the Conceal MSI from the dashboard for more details.
Non-customized Installers
- Windows 64 bit - https://conceal-browse.conceal.io/installer/latest/ConcealInstaller.Windows_x64.msi
- Windows ARM - https://conceal-browse.conceal.io/installer/latest/ConcealInstaller.Windows_arm64.msi
- Windows 32 bit - https://conceal-browse.conceal.io/installer/latest/ConcealInstaller.Windows_x86.msi
Before You Begin
If you are using ThreatLocker, please review our Possible ThreatLocker effects when deploying ConcealBrowse article before starting deployment.
If you are using cloned machines, verify these machines have been properly sysprepped before deploying Conceal to avoid deployment issues. ConcealBrowse should be installed after the new clone is created in all cases.
If you are using a non-customized installer, gather the CompanyID and SiteID required for the extension to authenticate during deployment. Log into the Conceal dashboard. Click Download Extension at the top right, and scroll down to find Company ID and Site ID.
Usage
The MSI can either be ran as a stand alone UI application, or it can be executed using management tools such as msiexec
.
When executing via the UI the only configuration options available is to set the SITEID
and COMPANYID
. If those values are not configured then the installer will output an error COMPANYID and SITEID must be set
.
When executing via the command-line there are several more potential flags that can be configured. The exhaustive list is as follows
-
COMPANYID
- (REQUIRED) The company UUID to register the extension with - Navigating the Devices section of the ConcealBrowse dashboard -
SITEID
- (REQUIRED) The site UUID to register the extension with - Navigating the Devices section of the ConcealBrowse dashboard -
OVERRIDE_UPDATE_URL
- Specifies where Chrome should download the ConcealBrowse extension. Defaults tohttps://clients2.google.com/service/update2/crx
-
INSTALLATION_MODE
- Controls if and how extensions that you specify are added to Chrome Browser. You can set the installation mode to:force_installed
- (Default, suggested) Automatically install the extension without user interaction. Users can't remove itnormal_installed
-Automatically install the extension without user interaction. Users can disable it
-
TOOLBAR_PIN
- Controls if the extension icon is pinned to the toolbar. You can set the value to:force_pinned
- (Default - Suggested)The extension icon is pinned to the toolbar and visible at all times. The user can't hide it in the extension menu.default_unpinned
- The extension starts hidden in the extension menu, and the user can pin it to the toolbar.
-
ADDLOCAL
- Specifies what features will be installed. The Base feature is what actually installs the helper executable and sets it’s config files. Then Chrome and Edge sets the registry keys required to install for those specific browsers.Base
- Optional if you'd like to limit the browsers that Conceal will be installed on. By default without this command, Conceal will be installed to all supported browsers.
Ex: ‘ADDLOCAL=Base,Chrome,Edge’Chrome
- installs Conceal Browse for ChromeEdge
- installs Conceal Browse for EdgeFirefox
- installs Conceal Browse for FirefoxBrave
- installs Conceal Browse for Brave
REMOVE
- Optionally removes a feature that has been installed-
Chrome
- removes Conceal Browse from ChromeEdge
- removes Conceal Browse from EdgeBrave
- removes Conceal Browse from BraveFirefox
- removes Conceal Browse for FirefoxALL
- removes Conceal Browse from all browsers and deletes installation files
-
Example msiexec usage
The installation can be executed using msiexec with the following arguments:
- Basic installation
msiexec /i ConcealBrowse_Installer_x64.msi
- Custom installation
msiexec /i ConcealInstaller.Windows_x64.msi OVERRIDE_UPDATE_URL="<YOUR UPDATE URL>" INSTALLATION_MODE="<INSTALLATION MODE OPTION>" TOOLBAR_PIN="<TOOLBAR PIN OPTION>"
- Install silently without the UI (must be run in an administrative context)
msiexec /i ConcealInstaller.Windows_x64.msi /qn
Modifying the extension
The extension can be modified using msiexec
Example setting the toolbar pinned state to default_unpinned
msiexec /i ConcealInstaller.Windows_x64.msi TOOLBAR_PIN="default_unpinned" REINSTALL=ALL REINSTALLMODE=omus /L*v "C:\Windows\Temp\ConcealHelper-modify.log"
Removing the extension
The extension can be removed either by uninstalling the ConcealHelper application via the Programs and Features
menu and selecting Uninstall
, or by usingmsiexec.
Once you uninstall ConcealBrowse from a device, the device will not automatically be deleted from the dashboard. You must go into the Conceal dashboard and delete the associated profiles with that device.
msiexec /x ConcealInstaller.Windows_x64.msi /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"
msiexec /i ConcealInstaller.Windows_x64.msi REMOVE=ALL /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"
If you would like to only remove specific features you can achieve this with msiexec
msiexec /i ConcealInstaller.Windows_x64.msi REMOVE=Brave /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"
**IMPORTANT** - If a user wants to manually reinstall ConcealBrowse in the future after uninstalling, they are forced into reinstalling using the MSI. They will not be able to reinstall directly using the Firefox add-ons store.
Since Firefox does not support uninstalling an installation the same way as other browsers, we are forced to leave behind a registry key. This registry key tells Firefox that if ConcealBrowse is installed to then uninstall it, however it also blocks future installation of the extension from the add-ons store. So in the future if the user uninstalled ConcealBrowse, and then tried to install it directly from the Firefox add-ons store, then it will be blocked from installing.
The registry key left behind is:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal .io\installation_mode=blocked
Output
Upon successful installation the following registry keys and files should be created. Upon successful removal the keys and files should all be deleted.
Files
-
C:\ProgramData\Conceal\conceal-helper\conceal-helper.conf
-
C:\ProgramData\Conceal\conceal-helper\conceal-helper.exe
-
C:\ProgramData\Conceal\conceal-helper\conceal-helper-manifest.json
-
C:\ProgramData\Conceal\conceal-helper\conceal-helper-firefox-manifest.json
Registry keys Chrome
-
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\installation_mode
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\toolbar_pin
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\update_url
Registry keys Edge
-
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\installation_mode
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\toolbar_state
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\update_url
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\override_update_url
Registry keys Firefox
-
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\io.conceal.helper
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\install_url
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\installation_mode
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\default_area
Registry keys Brave
-
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\installation_mode
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\toolbar_pin
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\update_url
Troubleshooting
If you are experiencing difficulties with the installer try enabling logging to see the full installation output
- Log the install process
msiexec /i ConcealInstaller.Windows_x64.msi COMPANYID="<YOUR COMPANY ID>" SITEID="<YOUR SITE ID>" /L*v "C:\Windows\Temp\ConcealHelper-install.log"
- Log the uninstall process
msiexec /x ConcealInstaller.Windows_x64.msi /L*v "C:\Windows\Temp\ConcealHelper-uninstall.log"
*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.
Related to:
Was this article helpful?
Articles in this section
- Deploy ConcealBrowse on Windows 10+ using Atera RMM
- Deploy ConcealBrowse on Windows 10+ using Group Policy
- Deploy ConcealBrowse on Windows 10+ using Intune and MSI
- Deploy ConcealBrowse on Windows 10+ using Intune and Win32 app
- Deploy ConcealBrowse on Windows 10+ using JumpCloud MDM
- Deploy ConcealBrowse on Windows 10+ using Kaseya VSA X
- Deploy ConcealBrowse on Windows 10+ using N-Able N-sight RMM
- Deploy ConcealBrowse on Windows 10+ using NinjaOne RMM
- Deploy ConcealBrowse to ChromeOS using ChromeOS Enterprise Management
- Deploying ConcealBrowse through ConnectWise Automate