# Add-on Restriction ## Table of contents - [Browser Add-Ons](https://www.manageengine.com/products/desktop-central/help/browser-security/addon-restriction.html#add-ons) - [Managing Add-Ons](https://www.manageengine.com/products/desktop-central/help/browser-security/addon-restriction.html#manage-addons) ## Browser Add-Ons A **browser add-on** (plugin or extension) is a software module that adds specific capabilities to a web browser. These add-ons enhance the functionality of the browser, providing features like ad blocking, password management, and integration with other applications. While they can boost productivity, they also pose security risks, as malicious add-ons can steal personal information and compromise systems. Effective browser add-on management is crucial for security, compliance, and performance. Unauthorized add-ons can lead to data breaches and non-compliance. By limiting unnecessary add-ons, organizations can improve productivity and browser speed. ## Managing Add-Ons Lack of visibility into installed add-ons and their security vulnerabilities makes it difficult for IT admins to manage risks. To safeguard organizational data, IT admins should prioritize gaining a comprehensive overview of browser usage and installed add-ons. The Add-on Management policy in Endpoint Central helps you achieve complete control over add-ons. Follow these steps to configure the setting: **Note:** The Add-on Management policy is now supported for macOS. 1. Open Endpoint Central console and navigate to **Browsers -> Policies -> Add-on Management**. 2. Click **Create Policy** and select a browser of your choice. 3. Give a name for the add-on restriction policy. 4. You can choose to block specific add-ons manually or by uploading their CSV file. You can also choose to block specific permissions used by the add-ons such as Desktop capture and so on. 5. Select **Remove selected extensions if already installed** to automatically remove the specified extensions from devices where they are already installed. 6. **Native Messaging Permissions** enable communication between the browser and native applications on Windows devices, facilitating specific tasks. This can be allowed or blocked. 7. **Pin Extensions** allows you to permanently fix add-ons to the browser's toolbar, ensuring easy access and visibility. 8. **Manage Runtime Host Access** allows you to configure host permissions for extensions by allowing or blocking extensions from running on specific websites. You can select the required extension and associate it with a website group to control its access. 9. **Save** and **publish** the policy. [Associate](https://www.manageengine.com/products/desktop-central/help/browser-security/policy-deployment.html#deploy) the policy to computers/groups that you want to apply the changes to. [![Add-on Management](https://cdn.manageengine.com/sites/meweb/images/desktop-central/help/browser-security/addon-management.png)](https://www.manageengine.com/sites/meweb/images/desktop-central/help/browser-security/addon-management.png) If you have any further questions, please refer to our [Frequently Asked Questions](https://www.manageengine.com/products/desktop-central/help/browser-security/browser-faq.html#restrictfaq) section for more information.