Help CenterWhen using the Web Control module for agent based policies, there may be cases where a web page is expected to be blocked but is instead allowed due to the web page using a new protocol called QUIC (Quick UDP Internet Connections).
ThreatLocker advises using the following solution that disables QUIC from being used on Internet browsers like Microsoft Edge and Google Chrome.
Configuration Manager Policies
If you are using the Configuration Manager module for your organization, ThreatLocker has created two policies to quickly deploy the configurations needed to disable QUIC for Microsoft Edge and Google Chrome. They are both found in the Network Protocol Security category.
These policies can be applied to the endpoints you wish to manage this configuration for by navigating to the Configuration Manager module, creating a new policy, setting the Applies To on the desired endpoints, and choosing the following policy needed.
- Disable QUIC Transport Protocol for Chrome Browser
- Disable QUIC Transport Protocol for Edge Browser
With the desired policy selected, keep in mind the following configuration statuses that can be applied to change the behavior of the policy.
- Enable Policy: This setting will disable QUIC (Quick UDP Internet Connections) on the local machine and will monitor for QUIC registry value changes in the Chrome browser.
- Disable Policy: This setting will not monitor for QUIC registry value changes in the Chrome browser.
- Set Policy Not Configured: Will leave the current browser setting on the local machine and will not monitor for QUIC registry value changes in the Chrome browser.
Don't forget to deploy policies on configuration changes with these policies and to review the Unified Audit for action types of 'Configuration' to see the latest status applied to endpoints.
Additional Documentation: ThreatLocker Configuration Manager | ThreatLocker Help Center
Managed Settings for Google Chrome and Microsoft Edge
Google Chrome and Microsoft Edge offer settings that can be used to configure the QUIC protocol through different methods. This ultimately can be achieved through the use of editing registry keys for Windows machines, or applying GPO policies. Configuration profiles can be used for macOS endpoints to disable QUIC.
Microsoft Edge
- Microsoft Windows GPO and Registry Documentation:
Microsoft Edge Browser Policy Documentation QuicAllowed | Microsoft Learn - macOS Configuration Profile Documentation:
Microsoft Edge Browser Policy Documentation QuicAllowed | Microsoft Learn
Google Chrome
- Windows and macOS Chrome Browser Policies Documentation:
Set Chrome browser policies on managed PCs - Chrome Enterprise and Education Help - Configuration Profile Settings:
- Domain: com.google.Chrome
- Key: QuicAllowed
- Type: Boolean
- Value: false
- Example .plist snippet:
- <dict>
<key>QuicAllowed</key>
<false/>
</dict>
- <dict>
Confirming the Managed Policy is Applied
Microsoft Edge:
- You can verify the policy in Edge by visiting 'edge://policy' in the browser.
Google Chrome:
- You can verify the policy in Chrome by visiting 'chrome://policy' in the browser.