X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Monday, March 30, between 3:30pm and 5:30pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Support Forum

'Your Browser Is Being Managed By Your Organization'-Issue Resolved

Posted

Firefox 73.0.1

It is being used on a home desktop running Win 7 Home Premium.

In 'Tools->Options->General,' a blue link states 'Your Browser Is Being Managed By Your Organization.'

When I click on the link, a new tab opens with 'Enterprise Policies' stating:

'Policy Name': 'Certificates'

'Policy Value ': ImportEnterpriseRoots'

'Value': 'True'

Are they the settings that I want or am I missing something?

Firefox 73.0.1 It is being used on a home desktop running Win 7 Home Premium. In 'Tools->Options->General,' a blue link states 'Your Browser Is Being Managed By Your Organization.' When I click on the link, a new tab opens with 'Enterprise Policies' stating: 'Policy Name': 'Certificates' 'Policy Value ': ImportEnterpriseRoots' 'Value': 'True' Are they the settings that I want or am I missing something?

Modified by Buddy2014

Chosen solution

Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17846 solutions 161524 answers

What security software do you have ?

This is usually caused by security software that want to add its root certificate to Firefox to be able to inject itself in your internet connection (i.e. acts as a man-in-the-middle).

See also:

What security software do you have ? This is usually caused by security software that want to add its root certificate to Firefox to be able to inject itself in your internet connection (i.e. acts as a man-in-the-middle). See also: *https://support.mozilla.org/en-US/kb/error-codes-secure-websites
Was this helpful to you?
Quote

Question owner


--------

Modified by Buddy2014

Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17846 solutions 161524 answers

You can see the step for Avast is the article I linked above:

It is up to you the decide if you want Avast to inspect your internet traffic and warn you if they think something is suspicious.

Firefox comes with builtin means to check websites that won't work properly in case other software replaces the website certificate.

See also:

You can see the step for Avast is the article I linked above: *https://support.mozilla.org/en-US/kb/error-codes-secure-websites It is up to you the decide if you want Avast to inspect your internet traffic and warn you if they think something is suspicious. Firefox comes with builtin means to check websites that won't work properly in case other software replaces the website certificate. *https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean *https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites *https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message See also: *https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop *https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
Was this helpful to you?
Quote

Question owner


-----------

Modified by Buddy2014

Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8950 solutions 73359 answers

Hi Buddy2014, most likely, your locally installed Avast software is already intercepting your browsing on all browsers. That is the Web Shield feature.

The reason for the policy is so Firefox uses certificates in the Windows system certificate store to verify the fake site certificates the Avast software creates. (Any "man in the middle" needs to create fake certificates, not just Avast.)

If you get rid of the setting forced by the policy and Firefox goes back to using its own certificate store, then Avast's fake certificates won't be trusted and you won't be able to visit HTTPS addresses. To resolve that issue, you can import the Avast signing certificate into Firefox's certificate store so the fakes are trusted.

Hi Buddy2014, most likely, your locally installed Avast software is already intercepting your browsing on all browsers. That is the Web Shield feature. The reason for the policy is so Firefox uses certificates in the Windows system certificate store to verify the fake site certificates the Avast software creates. (Any "man in the middle" needs to create fake certificates, not just Avast.) If you get rid of the setting forced by the policy and Firefox goes back to using its own certificate store, then Avast's fake certificates won't be trusted and you won't be able to visit HTTPS addresses. To resolve that issue, you can import the Avast signing certificate into Firefox's certificate store so the fakes are trusted.
Was this helpful to you?
Quote

Question owner


---------------------------

Modified by Buddy2014

Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17846 solutions 161524 answers

The mere presence of the "Mozilla\Firefox" key in the Windows Registry is sufficient to make Firefox display this notification, so if you would still get this notification when you disable this in Avast then check the Windows Registry.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
The mere presence of the "Mozilla\Firefox" key in the Windows Registry is sufficient to make Firefox display this notification, so if you would still get this notification when you disable this in Avast then check the Windows Registry. *HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =><br>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
Was this helpful to you?
Quote

Question owner


----------------------

Modified by Buddy2014

Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8950 solutions 73359 answers

Hi Buddy2014, I personally prefer to have Firefox use its own certificate store. However, because you have a man in the middle, it takes more work to set up Firefox to trust its fake certificates than to accept the change to using the Windows system certificate store. If you accept the change, then you can leave the policy "as is" and not have to fight with Avast about who controls your Firefox configuration.

Hi Buddy2014, I personally prefer to have Firefox use its own certificate store. However, because you have a man in the middle, it takes more work to set up Firefox to trust its fake certificates than to accept the change to using the Windows system certificate store. If you accept the change, then you can leave the policy "as is" and not have to fight with Avast about who controls your Firefox configuration.
Was this helpful to you?
Quote

Question owner


------------------

Modified by Buddy2014

Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8950 solutions 73359 answers

Letting Avast change your settings is the path of least resistance if you are using Avast Web Shield.

In my opinion, that is not "best" but each person gets to make their own choice.

Letting Avast change your settings is the path of least resistance if you are using Avast Web Shield. In my opinion, that is not "best" but each person gets to make their own choice.
Was this helpful to you?
Quote

Question owner


--------------------

Modified by Buddy2014

Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17846 solutions 161524 answers

When you have enabled Web Shield in Avast then Avast will act as a "man in the middle" and this requires the fake Avast certificate installed in the Firefox Certificate Manager to work properly because otherwise each website would be distrusted. Installing this fake certificate can be done in two ways, one is to let Firefox import this certificate automatically (this gives the warning) and the other is to import this fake certificate manually yourself in the Certificate Manager and set the appropriate trust bit(s). In case of the latter you won't see the notification text because Firefox isn't importing the certificate each time you start Firefox.

If you to not use the Avast "Web Shield" feature then Firefox will use its own certificate checks to see if there is a problem with the connection and with the website certificate.

When you have enabled Web Shield in Avast then Avast will act as a "man in the middle" and this requires the fake Avast certificate installed in the Firefox Certificate Manager to work properly because otherwise each website would be distrusted. Installing this fake certificate can be done in two ways, one is to let Firefox import this certificate automatically (this gives the warning) and the other is to import this fake certificate manually yourself in the Certificate Manager and set the appropriate trust bit(s). In case of the latter you won't see the notification text because Firefox isn't importing the certificate each time you start Firefox. If you to not use the Avast "Web Shield" feature then Firefox will use its own certificate checks to see if there is a problem with the connection and with the website certificate. *https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work *https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
Was this helpful to you?
Quote

Question owner


----------------

Modified by Buddy2014

Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8950 solutions 73359 answers

Buddy2014 said

1a. Does 'organization,' in the context of 'Your Browser Is Being Managed By Your Organization,' refer to Avast?

This means a policy was set either in the Windows Registry or in a policies.json file. Firefox cannot tell who or what set the policy. Since the policies feature was intended for companies that manage their employees' computers, it refers to "Your Organization".

In your case, based on what the policy does, it probably was set by your Avast software.

The message will persist until the registry entry or policy file is removed.

''Buddy2014 [[#answer-1296602|said]]'' <blockquote>1a. Does 'organization,' in the context of 'Your Browser Is Being Managed By Your Organization,' refer to Avast?</blockquote> This means a policy was set either in the Windows Registry or in a policies.json file. Firefox cannot tell who or what set the policy. Since the policies feature was intended for companies that manage their employees' computers, it refers to "Your Organization". In your case, based on what the policy does, it probably was set by your Avast software. The message will persist until the registry entry or policy file is removed.
Was this helpful to you?
Quote

Question owner


----------

Modified by Buddy2014

Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17846 solutions 161524 answers

If you see the notification then Firefox has likely imported the fake certificate and you will have to accept seeing this notification if you trust Avast and want to use the Avast Web Shield feature.

If you see the notification then Firefox has likely imported the fake certificate and you will have to accept seeing this notification if you trust Avast and want to use the Avast Web Shield feature.
Was this helpful to you?
Quote

Question owner


--------------

Modified by Buddy2014

Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8950 solutions 73359 answers

Buddy2014 said

Knowing this, has Firefox automatically imported this fake Avast certificate or do I have to import it manually and set the trust level?

I don't use Avast so I don't know how you can check whether it was already imported.

Generally speaking, if you want to check whether a signing certificate exists in Firefox's certificate store you would go to the Options/Preferences page:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the small search box at the top of the page, type cert and Firefox should filter to the "Certificates" section.

Click the "View Certificates" button. Then if it does not already have a blue underline, click Authorities to select that list.

I don't know what the Avast certificate issuing authority is called, but you might be able to spot it as you scroll down.

If it has automatically been done, then why is the Your Browser Is Being Managed By Your Organization' notification still being displayed?

The message will persist until the registry entry or policy file is removed.

''Buddy2014 [[#answer-1296627|said]]'' <blockquote>Knowing this, has Firefox automatically imported this fake Avast certificate or do I have to import it manually and set the trust level? </blockquote> I don't use Avast so I don't know how you can check whether it was already imported. Generally speaking, if you want to check whether a signing certificate exists in Firefox's certificate store you would go to the Options/Preferences page: * Windows: "3-bar" menu button (or Tools menu) > Options * Mac: "3-bar" menu button (or Firefox menu) > Preferences * Linux: "3-bar" menu button (or Edit menu) > Preferences * Any system: type or paste '''about:preferences''' into the address bar and press Enter/Return to load it In the small search box at the top of the page, type ''cert'' and Firefox should filter to the "Certificates" section. Click the "View Certificates" button. Then if it does not already have a blue underline, click Authorities to select that list. <center><img src="https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2020-03-10-18-08-20-ed3733.png" width="500"></center> I don't know what the Avast certificate issuing authority is called, but you might be able to spot it as you scroll down. <blockquote>If it has automatically been done, then why is the Your Browser Is Being Managed By Your Organization' notification still being displayed? </blockquote> The message will persist until the registry entry or policy file is removed.
Was this helpful to you?
Quote

Question owner


---------------

Modified by Buddy2014

Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.