Troubleshooting MSI Deployment

Description

This guide outlines troubleshooting and FAQs for the ConcealBrowse MSI installer.

Getting Started

Review Deploying ConcealBrowse through the MSI for initial deployment instructions and details. The sections below outline common problems seen during deployment and their resolutions.

 

Expected Installation Outcome

After a successful installation, the user should be able to open each browser for which ConcealBrowse was installed, see the extension installed, and see “Protection is active” at the bottom left.

Expected installation outcome

What to do when this expected outcome does not happen?

Force sync the extension

If the extension is installing but not authenticating, first attempt to force the extension to sync with our servers. This causes the extension to check in with our servers and update all of the extension policies.

Forcibly sync the extension

 

View the extension’s error logs

You can view the extension’s error logs by choosing the Open app option from the hamburger menu, selecting SystemLogs, and scrolling down to the Error Log.

Select 'Open app' from the hamburger menu

View the 'Error Log'

 

Expected Files and Registry Keys

Next, ensure that the following files and registry keys were created. This is the simplest way to determine whether there was an issue in the installation process. If files or registry keys are missing, reinstall ConcealBrowse and ensure that the user performing the install is an administrative user. The install process creates registry keys, which cannot be done as an unprivileged user.

Files

  • C:\ProgramData\Conceal\conceal-helper\conceal-helper.conf

  • C:\ProgramData\Conceal\conceal-helper\conceal-helper.exe

  • C:\ProgramData\Conceal\conceal-helper\conceal-helper-manifest.json

  • C:\ProgramData\Conceal\conceal-helper\conceal-helper-firefox-manifest.json

Configuration files for the Native Messaging application

 

Registry keys for Chrome

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\installation_mode

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\toolbar_pin

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\update_url

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\override_update_url

Registry key that tells Chrome where to find the Native Messaging manifest

Registry keys enabling ConcealBrowse in Chrome and setting the extension's properties

 

Registry keys for Edge

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\installation_mode

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\toolbar_state

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\update_url

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk\override_update_url

Registry key that tells Edge where to find the Native Messaging manifest

Registry keys enabling ConcealBrowse in Edge and setting the extension's properties

 

Registry keys for Firefox

  • HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\io.conceal.helper

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\install_url

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\installation_mode

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io\default_area

Registry key that tells Firefox where to find the Native Messaging manifest

Registry keys enabling ConcealBrowse in Firefox and setting the extension's properties

 

Registry keys for Brave

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\installation_mode

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\toolbar_pin

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\update_url

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg\override_update_url

Brave uses the same registry key as Chrome to find the Native Messaging manifest

Registry keys enabling ConcealBrowse in Brave and setting the extension's properties
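
The checklist above can be run as a read-only script. The following PowerShell is an added example, not part of the original article or Conceal's tooling; it uses the paths exactly as listed on this page, assumes the last component of each ExtensionSettings entry is a registry value under the extension-ID key, and goes one step beyond the list by following each NativeMessagingHosts key to its manifest and the binary that manifest names.

```powershell
# Added example, not vendor code: read-only audit of the files and registry entries listed above.
# Assumption: the last component of each ExtensionSettings path is a value under the extension-ID key.
$dir = 'C:\ProgramData\Conceal\conceal-helper'
$files = 'conceal-helper.conf', 'conceal-helper.exe',
         'conceal-helper-manifest.json', 'conceal-helper-firefox-manifest.json'
$pol = 'HKLM:\SOFTWARE\Policies'
$chromeNmh = 'HKLM:\SOFTWARE\Google\Chrome\NativeMessagingHosts\io.conceal.helper'
$chromium = 'installation_mode', 'toolbar_pin', 'update_url', 'override_update_url'
$browsers = @(
    @{ Name = 'Chrome'; NmhKey = $chromeNmh; Settings = $chromium
       PolicyKey = "$pol\Google\Chrome\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg" }
    @{ Name = 'Edge'; NmhKey = $chromeNmh
       Settings = 'installation_mode', 'toolbar_state', 'update_url', 'override_update_url'
       PolicyKey = "$pol\Microsoft\Edge\ExtensionSettings\ojjdicpccncniljgdmjcepenkkpmnnmk" }
    @{ Name = 'Firefox'; NmhKey = 'HKLM:\SOFTWARE\Mozilla\NativeMessagingHosts\io.conceal.helper'
       Settings = 'install_url', 'installation_mode', 'default_area'
       PolicyKey = "$pol\Mozilla\Firefox\ExtensionSettings\concealbrowse@conceal.io" }
    @{ Name = 'Brave'; NmhKey = $chromeNmh; Settings = $chromium
       PolicyKey = "$pol\BraveSoftware\Brave\ExtensionSettings\jmdpihfpelphmllgmamebdbelmobjfpg" }
)
function New-Result($Browser, $Check, $Item, [bool]$Ok) {
    [pscustomobject]@{ Browser = $Browser; Check = $Check; Item = $Item; Ok = $Ok }
}
$results = @(
    foreach ($f in $files) {
        $p = Join-Path $dir $f
        New-Result 'All' 'File' $p (Test-Path -LiteralPath $p -PathType Leaf)
    }
    foreach ($b in $browsers) {
        # Policy values that install the extension and set its properties.
        $key = Get-Item -LiteralPath $b.PolicyKey -ErrorAction SilentlyContinue
        $names = if ($key) { $key.GetValueNames() } else { @() }
        foreach ($s in $b.Settings) {
            New-Result $b.Name 'Policy value' "$($b.PolicyKey)\$s" ($names -contains $s)
        }
        # The key's default value holds the path of the Native Messaging manifest.
        $nmh = Get-Item -LiteralPath $b.NmhKey -ErrorAction SilentlyContinue
        $manifest = if ($nmh) { $nmh.GetValue('') }
        $exe = $null
        if ($manifest -and (Test-Path -LiteralPath $manifest -PathType Leaf)) {
            # The manifest's "path" names the host binary; a relative path is resolved against the manifest's folder.
            try { $exe = (Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json).path } catch { $exe = $null }
            if ($exe -and -not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path (Split-Path -Parent $manifest) $exe }
        }
        New-Result $b.Name 'Native Messaging host' $b.NmhKey ([bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
    }
)
$results | Where-Object { -not $_.Ok } | Format-Table -AutoSize
```

No output means every listed item was found. Rows for a browser that was not selected at install time are expected and can be ignored.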

 

Native Messaging Host Communication

One of the most frequent problems we encounter is a failure to communicate with the Native Messaging Host. Very often this occurs when low-privilege users are not able to execute the Native Messaging Host. To validate that the user can execute it, open a Command Prompt (cmd.exe) as that user (NOT as admin) and run the executable.

C:\ProgramData\Conceal\conceal-helper\conceal-helper.exe

If successful you will see the following error message.

Successful execution of the conceal-helper.exe

Most of the time, when conceal-helper.exe cannot be run, it is because a Group Policy or EDR restriction is preventing unknown binaries from running. If necessary, add the conceal-helper.exe binary to your allow list.

 

Browser Specific Troubleshooting

Chrome

Browser Policy

If the browser was open when you installed ConcealBrowse, or if the browser did not pick up the policy change, you can force it to reload the policy. This will also let you see whether there are any errors with the policy.

Browse to chrome://policy, then click the Reload Policies button. A valid policy will look like the following. If there are any errors, the extension will not load.

Valid policy showing all the extension settings and a Status OK

 

Gather information from the service worker

  1. Browse to chrome://serviceworker-internals. You should see our extension ID jmdpihfpelphmllgmamebdbelmobjfpg as well as a Log section and the Inspect button. Make a note of any errors within the Log field and then press Inspect.

    After pressing Inspect a new DevTools window will spawn and should default to the Console tab. Have the user change the log level to include Verbose logs.

  2. Retrieve the current status of all the information the extension has stored locally. After a successful authentication attempt the token field should not be empty.

    chrome.storage.local.get(null).then((s) => { console.log(s) })

  3. Validate that the ConcealBrowse extension is able to communicate with our Native Messaging host.

    chrome.runtime.sendNativeMessage('io.conceal.helper', {query: 'assetInfo', messageId: 'checkin'}).then((e) => { console.log(e) })

  4. Validate that the registration information being provided by it is accurate. The companyId and siteId should match your tenant's device registration information.

    chrome.runtime.sendNativeMessage('io.conceal.helper', {query: 'registrationInfo', messageId: 'register'}).then((e) => { console.log(e) })



  5. If you are having issues with this Native Messaging communication and you also have ThreatLocker deployed on this device please reference this article https://support.conceal.io/hc/en-us/articles/21871064248987-Possible-ThreatLocker-effects-when-deploying-ConcealBrowse.

User-based install to device-based

Another common issue is when customers convert from a user-based install to a device-based install. If you are experiencing authentication issues after converting your user-based install to a device-based install please open the service worker and run the following two commands.

chrome.storage.local.remove('deviceId');

chrome.storage.local.set({simulateReload: true});

 

Edge

Browser Policy

If the browser was open when you installed ConcealBrowse, or if the browser did not pick up the policy change, you can force it to reload the policy. This will also let you see whether there are any errors with the policy.

Browse to edge://policy, then click the Reload Policies button. A valid policy will look like the following. If there are any errors, the extension will not load.

Valid policy showing all extension settings and a Status OK

Gather information from the service worker

  1. Browse to edge://serviceworker-internals. You should see our extension ID ojjdicpccncniljgdmjcepenkkpmnnmk as well as a Log section and the Inspect button. Make a note of any errors within the Log field and then press Inspect.

    After pressing Inspect a new DevTools window will spawn and should default to the Console tab. Have the user change the log level to include Verbose logs.

  2. Retrieve the current status of all the information the extension has stored locally. After a successful authentication attempt the token field should not be empty.

    chrome.storage.local.get(null).then((s) => { console.log(s) })


  3. Validate that the ConcealBrowse extension is able to communicate with our Native Messaging host.

    chrome.runtime.sendNativeMessage('io.conceal.helper', {query: 'assetInfo', messageId: 'checkin'}).then((e) => { console.log(e) })



  4. Validate that the registration information being provided by it is accurate. The companyId and siteId should match your tenant's device registration information.

    chrome.runtime.sendNativeMessage('io.conceal.helper', {query: 'registrationInfo', messageId: 'register'}).then((e) => { console.log(e) })


  5. If you are having issues with this Native Messaging communication and you also have ThreatLocker deployed on this device please reference this article https://support.conceal.io/hc/en-us/articles/21871064248987-Possible-ThreatLocker-effects-when-deploying-ConcealBrowse.

User-based install to device-based

Another common issue is when customers convert from a user-based install to a device-based install. If you are experiencing authentication issues after converting your user-based install to a device-based install please open the service worker and run the following two commands.

chrome.storage.local.remove('deviceId');

chrome.storage.local.set({simulateReload: true});

Firefox

Browser Policy

If the browser was open when you installed ConcealBrowse, or if the browser did not pick up the policy change, you can view the policy that is currently being used. Unfortunately, Firefox does not provide a convenient method to forcibly reload the browser policy, so you instead have to close and reopen the browser.

To view the currently active policy, browse to about:policies.

View Firefox's active policies

Gather information from the service worker

  1. Browse to about:debugging#/runtime/this-firefox. You should see our extension ID concealbrowse@conceal.io as well as an Inspect button.

    After pressing Inspect a new Developer Tools window will spawn and should default to the Console tab. Have the user ensure all log levels are selected.



  2. Retrieve the current status of all the information the extension has stored locally. After a successful authentication attempt the token field should not be empty.

    browser.storage.local.get(null).then((s) => { console.log(s) })



  3. Validate that the ConcealBrowse extension is able to communicate with our Native Messaging host.

    browser.runtime.sendNativeMessage('io.conceal.helper', {query: 'assetInfo', messageId: 'checkin'}).then((e) => { console.log(e) })



  4. Validate that the registration information being provided by it is accurate. The companyId and siteId should match your tenant's device registration information.

    browser.runtime.sendNativeMessage('io.conceal.helper', {query: 'registrationInfo', messageId: 'register'}).then((e) => { console.log(e) })

 

User-based install to device-based

Another common issue is when customers convert from a user-based install to a device-based install. If you are experiencing authentication issues after converting your user-based install to a device-based install please open the service worker and run the following two commands.

browser.storage.local.remove('deviceId');

browser.storage.local.set({simulateReload: true});