Managing 3rd-Party Extensions

This page includes the following topics:

About managing 3rd-party extensions

The Extensions > Extension Analysis page provides administrative information about the 3rd-party extensions that have been installed on end-user devices in your organization.

Note: You can click any extension in the list of extensions to show additional details about the extension. The additional details are shown in two tabs that appear in a pane that opens on the right: Extension Details and Extension Users.

Extension Analysis page details

The Extension Analysis page can display the following information: *

Extension name

The name of the extension.

  • Hover over the extension name to display the full extension name.

Scan Verdict

[May not yet be available]

FortiMail Browser Security analyzes [scans] all extensions that are enabled in your organization. Each scanned extension is assigned a scan verdict: Clean, Suspicious, or Malicious. You can configure FortiMail Browser Security to disable extensions based on the scan verdict. For details, see Extension detection options.

  • Clean: No malicious content was detected in the extension.

  • Suspicious: Content that is possibly malicious or potentially unwanted was detected in the extension.

  • Malicious: Malicious content was detected in the extension.

  • No verdict:

    • Only Microsoft Edge and Google Chrome extensions that are installed from the official stores are scanned by FortiMail Browser Security. All other extensions are assigned the "No verdict" verdict. [Consequently, extensions that are installed from a zip file will also be assigned the "No verdict" verdict.]

    • "No verdict" will appear for an extension that is installed but that has not yet been scanned by FortiMail Browser Security.

Note: If you have an email integration with FortiMail Workspace Security, then you can click any Suspicious or Malicious scan verdict to display details of the scan. The details will appear in the Scans page in FortiMail Workspace Security.

Extension ID

The ID of the extension.

Browser name

The browser-type on which the extension is installed.

Description

A description of the extension.

  • Hover over the extension description to display the full extension description.

Users rating

The marketplace rating of the extension. [Maximum rating is 5]

  • The Users rating value appears for Google Chrome and Microsoft Edge browsers only. [See Limitations below.]

Category

The category of the extension.

  • Hover over the extension category to display the full extension category.

  • The Category value appears for Google Chrome and Microsoft Edge browsers only. [See Limitations below.]

Marketplace users

The number of users of the extension.

  • The Marketplace users value appears for Google Chrome and Microsoft Edge browsers only. [See Limitations below.]

Spin.AI score

A measure of the risk associated with the extension - as determined by Spin.AI

  • High risk: 1 to 35 [Red]

  • Medium risk: 36 to 65 [Orange]

  • Low risk: 66 to 100 [Green]

For more information about the Spin.AI risk score, see here.

  • The Spin.AI score appears for Google Chrome and Microsoft Edge browsers only. [See Limitations below.]

Spin.AI report

A link to a risk report in Spin.AI - showing details of the risk score - and other details about the extension.

  • The Spin.AI report link appears for Google Chrome and Microsoft Edge browsers only. [See Limitations below.]

  • For more information about the Spin.AI report, see here.

Installs

The number of installations of the extension - enabled or disabled - in your organization.

  • Hover over the value to display a list of all the installations of the extension - both enabled and disabled.

Installs (enabled)

The number of installations of the extension - that are currently enabled - in your organization.

  • Hover over the value to display a list of all the enabled installations of the extension.

Installs (disabled)

The number of installations of the extension - that are currently disabled - in your organization.

  • Hover over the value to display a list of all the disabled installations of the extension.

Permissions

The number of permissions that are required by the extension.

  • Hover over the value to display a list of all the permissions.

Note:

  • Hover over any Permissions value to display all the permissions that are required by that extension.

  • Click the Filter icon [] to show only those extensions that require the permissions that you specify.

* Note for Google Chrome browsers: If there's limited information about a specific extension [for example, the Spin.AI score is 0 or there is no Spin.AI link], this may indicate that the extension is from an unknown source. Such an extension may have been sideloaded [by the end-user or by an admin user - from a CRX file] or removed from the Chrome Web Store. Both of these scenarios may pose significant risks. See also Limitations below.

  • You can click the Export to CSV button [in the bottom-left corner] to generate and download a CSV file that contains the displayed 3rd-party extension information.

  • You can select which columns to display, and the display order of the columns; and you can filter and sort on some of the columns.

  • For information about monitoring FortiMail Browser Security extension activity, see Events Page.

  • For information about how to install the FortiMail Browser Security Browser Extension, see Deploying the extension [Managed deployment].

  • For information about how to enforce policies for enabling 3rd-party extensions, see Extension rules.

Limitations

Affected browsers

Limitation

Safari

The Extension Analysis page doesn't display any information about Safari extensions.

Microsoft Edge

The Extension Analysis page displays comprehensive information for Microsoft Edge extensions that were added from the Chrome Web Store. The Extension Analysis page displays limited information for Microsoft Edge extensions that were added from the Edge Add-ons store.

Firefox

The Extension Analysis page displays limited information about Firefox extensions - for example, Spin.AI information is not displayed.

See also: