Remove and block Webroot Web Threat Shield extension from Chrome and Edge.

README.md

Remove and Block Webroot Web Threat Shield Extension from Chrome and Edge

This PowerShell script is designed to remove and block Webroot's Web Threat Shield browser extension from Chrome and Edge.

Note: This script does not support Firefox. It specifically targets only Chrome and Edge.

When you disable Web Threat Shield within Webroot, the extension may remain installed in users' browsers. Additionally, even if you manually remove the extension, Webroot may attempt to reinstall it.

This script uses simple and safe registry modifications to remove and block the installation of the extension without requiring a browser or system restart. The browser remains open during the process.

Requirements

• Administrative Privileges: This script requires administrator rights, as it modifies registry entries under HKLM (HKEY_LOCAL_MACHINE).

Usage

Note: By default, the script will remove and block Webroot Threat shield.

1. At the bottom of the script there is a Commands section. Simply comment/uncomment the commands you need at the bottom of the script: Remove-WebrootThreatShield, Block-WebrootThreatShield, or Unblock-WebrootThreatShield
2. Run the script

Note

Take a look at Manage-Browser-Extensions for an up-to-date set of extension management functions.

Remove-WebrootThreatShield.ps1

# ============================================================================ #
# Author: asheroto
# ============================================================================ #

# ============================================================================ #
# Extension Management for Chrome and Edge Browsers
# ============================================================================ #

# Custom objects for storing extension information
$extensionRegistryPaths = @{
    "Chrome" = [PSCustomObject]@{
        BlocklistPath  = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlocklist"
        ExtensionPaths = @(
            "HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions",
            "HKLM:\SOFTWARE\Google\Chrome\Extensions"
        )
    }
    "Edge"   = [PSCustomObject]@{
        BlocklistPath  = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist"
        ExtensionPaths = @(
            "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions",
            "HKLM:\SOFTWARE\Microsoft\Edge\Extensions"
        )
    }
}

# Function to get the next available name in a registry path
Function Get-NextAvailableName {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$RegistryPath
    )

    # Retrieve existing property names in the registry key if it exists
    $existingNames = @()
    if (Test-Path -Path $RegistryPath) {
        $itemProperties = Get-ItemProperty -Path $RegistryPath
        if ($itemProperties) {
            $existingNames = ($itemProperties | Get-Member -MemberType Properties | Select-Object -ExpandProperty Name)
        }
    }

    # Find the next available numeric name
    $index = 1
    while ($existingNames -contains $index.ToString()) {
        $index++
    }
    return $index.ToString()
}

# Function to find an extension ID in the blocklist and return the property name if it exists
Function Find-Extension {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$RegistryPath,
        [Parameter(Mandatory = $true)]
        [string]$ExtensionID
    )

    if (Test-Path -Path $RegistryPath) {
        $existingProperties = Get-Item -Path $RegistryPath
        foreach ($property in $existingProperties.Property) {
            # Retrieve the value of each property directly
            $propertyValue = Get-ItemPropertyValue -Path $RegistryPath -Name $property
            if ($propertyValue -eq $ExtensionID) {
                return $property  # Return the property name if the extension exists
            }
        }
    }
    return $null  # Return null if the extension doesn't exist
}

# Function to block an extension by adding it to the blocklist without duplicating entries
Function Block-Extension {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$Browser,
        [Parameter(Mandatory = $true)]
        [string]$ExtensionID
    )

    # Retrieve the registry path object for the specified browser
    $registryPaths = $extensionRegistryPaths[$Browser]
    if (-not $registryPaths) {
        throw "Unsupported browser: $Browser"
    }

    # Ensure blocklist registry path exists
    $blocklistPath = $registryPaths.BlocklistPath
    if (!(Test-Path -Path $blocklistPath)) {
        New-Item -Path $blocklistPath -Force | Out-Null
    }

    # Use Find-Extension to check if the extension ID is already blocked
    $existingProperty = Find-Extension -RegistryPath $blocklistPath -ExtensionID $ExtensionID
    if ($existingProperty) {
        Write-Output "$Browser extension: $ExtensionID is already blocked under name $existingProperty"
        return
    }

    # Get the next available name and add the extension to the blocklist if not already present
    $nextAvailableName = Get-NextAvailableName -RegistryPath $blocklistPath
    New-ItemProperty -Path $blocklistPath -Name $nextAvailableName -Value $ExtensionID -PropertyType String -Force | Out-Null
    Write-Output "Blocked $Browser extension: $ExtensionID under name $nextAvailableName"
}

# Function to unblock an extension by removing all matching entries from the blocklist
Function Unblock-Extension {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$Browser,
        [Parameter(Mandatory = $true)]
        [string]$ExtensionID
    )

    # Retrieve the registry path object for the specified browser
    $registryPaths = $extensionRegistryPaths[$Browser]
    if (-not $registryPaths) {
        throw "Unsupported browser: $Browser"
    }

    # Get the blocklist path for the specified browser
    $blocklistPath = $registryPaths.BlocklistPath
    if (Test-Path -Path $blocklistPath) {
        $removed = $false
        # Use Find-Extension to locate the extension property name, if it exists
        while ($property = Find-Extension -RegistryPath $blocklistPath -ExtensionID $ExtensionID) {
            Remove-ItemProperty -Path $blocklistPath -Name $property -Force
            Write-Output "Unblocked $Browser extension: $ExtensionID by removing name $property"
            $removed = $true
        }
        if (-not $removed) {
            Write-Output "Extension ID $ExtensionID not found in $Browser blocklist."
        }
    } else {
        Write-Output "Blocklist path does not exist for $Browser."
    }
}

# Function to remove an extension from all relevant registry paths
Function Remove-Extension {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$Browser,
        [Parameter(Mandatory = $true)]
        [string]$ExtensionID
    )

    # Retrieve the registry path object for the specified browser
    $registryPaths = $extensionRegistryPaths[$Browser]
    if (-not $registryPaths) {
        throw "Unsupported browser: $Browser"
    }

    # Iterate over each extension path and attempt to remove the specified extension
    foreach ($path in $registryPaths.ExtensionPaths) {
        $extensionPath = Join-Path -Path $path -ChildPath $ExtensionID
        Remove-RegistryKey -RegistryPath $extensionPath
    }
}

# Function to remove a specific registry key
Function Remove-RegistryKey {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$RegistryPath
    )

    try {
        if (Test-Path -Path $RegistryPath) {
            Remove-Item -Path $RegistryPath -Force -ErrorAction Stop
            Write-Output "Successfully removed: $RegistryPath"
        } else {
            Write-Output "Registry path does not exist: $RegistryPath"
        }
    } catch {
        Write-Output "Error removing registry path: $RegistryPath - $_"
    }
}

# ============================================================================ #
# Webroot Threat Shield Extension Management
# ============================================================================ #

# Function to remove all Webroot Threat Shield extensions from Chrome & Edge
Function Remove-WebrootThreatShield {
    Write-Output "Removing Webroot Threat Shield extensions..."
    Remove-Extension -Browser "Chrome" -ExtensionID "kjeghcllfecehndceplomkocgfbklffd"
    Remove-Extension -Browser "Edge" -ExtensionID "fmkaflbamgddpjacdmjlkhbnpnlemaea"
    Write-Output ""
}

# Function to block all Webroot Threat Shield extensions in Chrome & Edge
Function Block-WebrootThreatShield {
    Write-Output "Blocking Webroot Threat Shield extensions..."
    Block-Extension -Browser "Chrome" -ExtensionID "kjeghcllfecehndceplomkocgfbklffd"
    Block-Extension -Browser "Edge" -ExtensionID "fmkaflbamgddpjacdmjlkhbnpnlemaea"
    Write-Output ""
}

# Function to unblock all Webroot Threat Shield extensions in Chrome & Edge
Function Unblock-WebrootThreatShield {
    Write-Output "Unblocking Webroot Threat Shield extensions..."
    Unblock-Extension -Browser "Chrome" -ExtensionID "kjeghcllfecehndceplomkocgfbklffd"
    Unblock-Extension -Browser "Edge" -ExtensionID "fmkaflbamgddpjacdmjlkhbnpnlemaea"
    Write-Output ""
}

# ============================================================================ #
# Commands
# ============================================================================ #

# Remove Webroot Threat Shield extensions from Chrome & Edge
Remove-WebrootThreatShield

# Block Webroot Threat Shield extensions in Chrome & Edge
Block-WebrootThreatShield

# Unblock Webroot Threat Shield extensions in Chrome & Edge
# Unblock-WebrootThreatShield