Link to home
Start Free TrialLog in
Avatar of credog
credog

asked on

Removal of LastPass Chome extension for all

Due to the latest LastPass breach we want to remove all instances of the LastPass Chome extension. LastPass isn't approved for use, but we found several systems that have it installed and are looking for the most efficient way for our admins to get it removed from the various users systems. Any suggestions?  We have BigFix, PowerShell, and GPO.


The LastPass extention ID is - hdokiejnpimakedhajhdlcegeplioahd


It looks like  LastPass creates a directory in:

C:\Users\YOUR USER NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd


And the only registry entry found at this point it:

HKEY_USERS\S-1-5-21-2781008914-XXXXXXXX-XXXXXXXX-6137\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings


It doesn't appear to create anything in the following, which was surprising:

\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\


Avatar of kevinhsieh
kevinhsieh
Flag of United States of America image

ASKER CERTIFIED SOLUTION
Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Be aware that the chrome GPOs allow you to whitelist extensions and at the same time block the rest. That's the recommended way for secured environments.