The latest extension we've found that makes calls out to webpages continuously (thousands of times a day) is Awesome Screenshot, which seems like a handy little extension that takes full shots of webpages. We have a lot of designers that like to take snapshots for reference, so I can see why they'd want this extension.
As a systems administrator it's useful to see when that extension is installed so we can monitor if there is a connection between thousands of hits to potentially malicious webpages and the installation of the extension. Chrome doesn't make it easy to know what extension folder is for what extension, but they are consistent, and pulling that information is something you can do with the certainty that the main extension folder name won't change for a certain version of an extension.
First step: finding the extension folders.
If you have Chrome installed on your Mac, you can go to
And see a big list of folders there. These are where the extensions live.
So in an extension attribute you can use a -d to locate the directory of a questionable extension installed on the machine, then have the attribute report if the extension is or isn't installed based on the existence of the directory.
I found the folder of the extension by temporarily adding it to a copy of Chrome on a machine and then "managing" the extension. The Chrome settings then showed me the id of the extension in question:
I could then use that directory to create an extension attribute that looked for the offending Chrome extension and report if it is or is not installed.
#!/bin/sh # # script by emily k @volusion 2014-07-29 # to detect if the Awesome Screenshot Extension is installed on Google Chrome # currentUser=`ls -l /dev/console | cut -d " " -f 4` if [ -d "/Users/$currentUser/Library/Application Support/Google/Chrome/Default/Extensions/alelhddbbhepgpmgidjdcjakblofbmce" ] ; then STATUS="Awesome Screenshot Installed." else STATUS="Not installed." fi echo "<result>$STATUS</result>"
You can then go in and make a Smart Computer Group that uses results from the EA for reporting/scoping/etc.
This could obviously be used for other extensions, you'd just need to know what the id is/directory is called.
As always, be careful with copy-pasta, and this script is here as-is with no warranty, etc. It's just an EA so it won't do any damage, but if it doesn't work I'm not liable. Or whatever. Gotta love legalese.