Anti-Virus Bitdefender locking Preference security.enterprise_roots.enabled impacting DoH
Hello's I enabled DoH and Firefox documentation states that "to determine whether to use/bypass the enabled DoH option, Firefox checks amongst other things whether the preference security.enterprise_roots.enabled is set to true. This preference is set to true and locked in my browser, and my device is not corporate controlled. Further investigating I found a config file in the /defaults/pref folder that is added by Bitdefender my anti-virus product. Two questions: With this setting set to True, does that mean that Firefox will ignore the enabled DoH and use my configured resolvers? How can I prevent my anti-virus product from modifying this setting? I have a support question out to them but they are dragging their feet with their response. Thanks, sky.
All Replies (9)
You should contact Bitdefender if you have a question about their software.
AV software usually does this because they want to inject their root certificate in Firefox to be able to intercept the secure connection, so you need to check the settings in Bitdefender to disable this feature.
Hello and thanks for your response.
- I have a case open with Bitdefender. Waiting on them.
- In Bitdefender, I had/have the setting called out in the link you sent disabled but the preference setting "security.enterprise_roots.enabled" is still controlled by bitdefender and is set to true and locked.
Is there no way to lock products from these settings if desired?
Thanks, Sky.
I have a similar problem - Firefox tells me I'm behind enterprise controls, and I am not. I tried to follow the instructions to turn that off, but security.enterprise_roots.enabled is locked true.
But I DON'T have Bitdefender, so that can't be causing it. I can only see one file in the /defaults/pres folder, and there's no indication of what set it.
Looking at the provided link, I tried turning off the web controls on both AVG and Malwarebytes, to no avail. I also have Spybot-Search & Destroy, but it hasn't got a similar control. (I'm using Windows 7, and just downloaded Firefox.)
ekbond said
I can only see one file in the /defaults/pres folder, and there's no indication of what set it.
If this is your personal/home computer, I suggest removing that file unless you can verify that you really want it there.
I renamed it to .old in case it was actually needed, which should have had the same effect, and no good - still locked.
Hi ekbond, does Firefox show a policy is in effect on the about:policies page?
Can you check for an Autoconfig file in the path described in this article: Customizing Firefox Using AutoConfig.
This is usually done via a policies.json file in the distribution folder in the Firefox program folder or via GPO.
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson
You can inspect the Mozilla and Firefox keys with the Windows Registry Editor in HKEY_LOCAL_MACHINE and possibly in HKEY_CURRENT_USER with the Windows Registry Editor to see whether GPO policy rules are active.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\
Note that the mere presence of the "MozillaFirefox" key is sufficient to make Firefox display this notification, so if you have the Firefox key then remove it and only leave the Mozilla key or remove this key as well if it is empty.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
jscher2000 said
Hi ekbond, does Firefox show a policy is in effect on the about:policies page?
Yes it does. "ImportEnterpriseRoots".
Can you check for an Autoconfig file in the path described in this article: Customizing Firefox Using AutoConfig.
neither of the files mentioned is there.
None of these are there.
I downloaded the latest Firefox directly from Mozilla, and there shouldn't be any kind of group policy - this is my home computer.
cor-el said
This is usually done via a policies.json file in the distribution folder in the Firefox program folder or via GPO.You can inspect the Mozilla and Firefox keys with the Windows Registry Editor in HKEY_LOCAL_MACHINE and possibly in HKEY_CURRENT_USER with the Windows Registry Editor to see whether GPO policy rules are active.
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson
Note that the mere presence of the "MozillaFirefox" key is sufficient to make Firefox display this notification, so if you have the Firefox key then remove it and only leave the Mozilla key or remove this key as well if it is empty.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\