uBlock Origin Browser Extension Report
Find uBlock Origin Chrome & Edge Extensions
As part of our malvertising blog post, we created this report to show which of your assets have the uBlock Origin extension installed in Chrome or Edge. An ad-blocking extension is one of the most important tools you have to protect your organization against malvertising and to keep your users from falling prey to these malicious online ads. You can find more information about malvertising in our blog post.
To run the report, you first need to make sure the correct registry keys are being scanned. The malvertising blog post explains how to scan them. The query matches the uBlock Origin extension IDs under the Chrome and Edge PreferenceMACs\Default\extensions.settings registry keys, so an asset whose keys have not been scanned shows 'No' under ExtensionFound.
uBlock Origin Extension Query
Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  tblAssets.IPAddress,
  Case
    When SubQuery1.Regkey Like '%chrome%' Then 'Chrome'
    When SubQuery1.Regkey Like '%Edge%' Then 'Edge'
  End As Browser,
  Case
    When SubQuery1.Valuename Is Not Null And SubQuery1.Valuename <> '' Then 'Yes'
    Else 'No'
  End As ExtensionFound,
  Case
    When TsysLastscan.Lasttime < GetDate() - 1 Then
      'Last registry scan more than 24 hours ago! Scanned registry information may not be up-to-date. Try rescanning this machine.'
  End As Comment,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  TsysLastscan.Lasttime As LastRegistryScan
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID
  Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode
  Left Join (Select Top 1000000 tblRegistry.AssetID,
      tblRegistry.Regkey,
      tblRegistry.Valuename,
      tblRegistry.Value,
      tblRegistry.Lastchanged
    From tblRegistry
    Where (tblRegistry.Regkey Like '%Software\Google\Chrome\PreferenceMACs\Default\extensions.settings'
        And tblRegistry.Valuename = 'cjpalhdlnbpafiamejdnhcphjbkeiagm')
      Or (tblRegistry.Regkey Like '%SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings'
        And tblRegistry.Valuename = 'odfafepnkmbhccpbejgmiehpchacaeak')) SubQuery1
    On SubQuery1.AssetID = tblAssets.AssetID
Where tblAssetCustom.State = 1
  And TsysWaittime.CFGname = 'registry'
Order By tblAssets.Domain,
  tblAssets.AssetName