Force Manifest V2 uBlock via MDM

Browser Support Desktop Support
1

Prior to Google removing uBlock Origin from the Chrome Web Store I used to use the following policy to enforce uBlock Origin be installed and enabled as I pushed custom configuration lists for uBlock.

  "ExtensionInstallForcelist": [
    "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx"
  ],

With uBlock Origin installation now being done via Brave directly via Brave’s ManifestV2 force enabling, how can I force uBlock Origin be installed on fresh installations of Brave?

Alternatively, MDM policy for configuring custom lists in Shield would be helpful.

2

Just to make sure you’re aware, it’s installed by going to Settings → Extensions → Manifest V2 Extensions. brave://settings/extensions/v2

I’m not familiar with MDM and am trying to think if it would run similar to Group Policy as is discussed at https://support.brave.app/hc/en-us/articles/360039248271-Group-Policy

But to my knowledge there’s no group policy or enterprise type of solutions to adding or changing specific content filters. I’d have to tag in @Mattches from Brave to see if he would be able to respond back with more helpful and accurate info.

3

I would just toggle uBO “on” in the brave://settings/extensions/v2 page when you install Brave again.

At this time I don’t think there is an MDM setting for filter lists specifically but I do know we have some changes to group policy options coming down the pipeline.

1 Like
4

I’m asking for a way to use brave://policy (which can be managed via MDM) to deploy the Manifest V2 uBlock.

As far as uBlock Origin goes, it does support settings customization via MDM. I’ve been doing that for years as part of how I manage browser security.

5

Right but that’s a manual step. I’m asking for a way to do this via brave://policy which can be forced via MDM.

1 Like
6

Yeah, at which point I think it’s at the situation kind of touched on earlier which is that it likely doesn’t exist at this moment. As Mattches mentioned earlier, they are working on some better improvements to group policy.

Regardless, I’m just another user with a limited knowledge base. I just tend to use my experience as well as any discovered solutions to try to guide people. In both situations I don’t remember ever seeing this come up. This absolutely would be more @Mattches and the devs to better assist with, so I guess we’ll see what they mention.

7

Hmm. That’s unfortunate. There is a possible way to do this now though if Brave can provide some details.

A partial example of a policy that used to install uBlock (cjpalhdlnbpafiamejdnhcphjbkeiagm) from the Chrome Web Store (https://clients2.google.com/service/update2/crx) before they removed it:

{
  "AlwaysOpenPdfExternally": true,
  "ImportSavedPasswords": false,
  "CloudPrintSubmitEnabled": false,
  "ExtensionInstallAllowlist": [
    "cjpalhdlnbpafiamejdnhcphjbkeiagm"
  ],
  "ExtensionInstallForcelist": [
    "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
  ]
  "DefaultBrowserSettingEnabled": true
}

If the folks at Brave just shared their uBlock’s new extension ID and crx update URL, then the existing ExtensionInstallForcelist policy should in theory work.

I push these policies out as configuration profiles for macOS to make sure that uBlock is installed and enabled, and a uBlock specific policy keeps it enabled and with some custom lists installed.

For those curious the macOS plist of such a policy for Brave would like like this for the extension above:

Preference Domain: com.brave.Browser.extensions.cjpalhdlnbpafiamejdnhcphjbkeiagm

Contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>adminSettings</key>
    <string>{
  "timeStamp": UNIXTIMESTAMPGOESHERE,
  "version": "UBLOCKVERSIONGOESHERE",
  "userSettings": {
    "externalLists": "https://EXAMPLE.COM/itsec/ublockStandard.txt",
    "importedLists": [
      "https://EXAMPLE.COM/itsec/ublockStandard.txt"
    ],
    "popupPanelSections": 63
  },
  "selectedFilterLists": [
    "user-filters",
    "ublock-filters",
    "ublock-badware",
    "ublock-privacy",
    "ublock-unbreak",
    "easylist",
    "easyprivacy",
    "https://EXAMPLE.COM/itsec/ublockStandard.txt"
  ],
  "hiddenSettings": {},
  "whitelist": [
    "about-scheme",
    "chrome-extension-scheme",
    "chrome-scheme",
    "moz-extension-scheme",
    "opera-scheme",
    "vivaldi-scheme",
    "wyciwyg-scheme"
  ],
  "dynamicFilteringString": "",
  "urlFilteringString": "",
  "hostnameSwitchesString": "",
  "userFilters": ""
}</string>
  </dict>
</plist>

This enforces this uBlock configuration on all Brave profiles (unfortunately except private windows as there is no way to force extensions there) and if it’s modified, it will be reset when the browser re-opens.

It’s a nice first line of defense as well as a good way to clean up the internet for end users.