When SecureRun is enabled, it may block some Chrome Extensions from installing. Two examples of this are Adobe Acrobat and Power Automate Desktop.
The commands that are run to install these extensions are as follows:
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://njjljiblognghfjfpcdpdbpbfcmhgafg/ --parent-window=0 < \\.\pipe\LOCAL\edge.nativeMessaging.in.8c9048e3136bfe0b > \\.\pipe\LOCAL\edge.nativeMessaging.out.8c9048e3136bfe0b
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.602ecca2de172262 > \\.\pipe\chrome.nativeMessaging.out.602ecca2de172262
To allow the extensions to be installed, create a “New Executable Policy” for each extension that is being blocked. This can be done on either the Computer or User side, depending on who is a member of the OU.
Create a Combo Rule
Select “Path”, “Command-line arguments” and “Apply to child processes”.
Under Path Condition, add file %SYSTEMROOT%\System32\cmd.exe.
Under Command-line Arguments, select “Strict equality”; check “Ignore arguments case”; under Arguments, we are going to take the first part of the installation command, after cmd.exe, and replace the last part with asterisks.
/d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://*/*
/d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://*/*
Set action as “Allow and Log”
Rename, set ILT if required and Finish