I keep seeing this message appear at the top of the page when I go to Options in Firefox: “Your organization has disabled the ability to change some options”. I figured out that it’s caused by “C:\ProgramData\AVAST Software\Avast\wscert.der”. Tried reinstalling both Avast and Firefox and deleting the registry and it was gone, but now it’s back. Is that message supposed to be there, and if not, how do I get rid of that file permanently? I can make changes to my options but not sure what options are the ones that I can’t change.
@alanb, thanks for detailing the mechanism of the FF alert. Any insight to the OP’s question about any specific options that are actually unchangeable? Or is this just FF’s generic way of saying that their installed product has unexpectedly been tweaked? I’ve yet to be blocked from changing any common options, but I normally don’t change much anyway. JC.
BTW, the FF updates that repaired the add-ons problem have not affected this issue. I still see the “options” alert in FF 66.0.5 and the add-ons are functional.
The message only appears if one or more policies have been set for the browser. Its wording is less than ideal and the guys at Mozilla are talking about changing it.
There are two ways to set policies for Firefox: creating a “policies.json” file in the “distribution” folder of Firefox’s install location, or creating entries in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla.
The problem with avast doing this (and it is not condoned by Mozilla) is that if that registry key exists at all, the policies.json stops working. As a result I have lost the policies I configured for Firefox.
A royal PITA >:(
@alanb, thanks for the extra info. I was not aware of the policies.json option for organizations to control user mods to FF settings. That explains the wording of the alert for me and why I can still change FF settings.
So while FF and avast “discuss” how certs should be installed and how Registry policies can coexist with policies.json files, it seems organizations can’t lock down FF settings and run avast too. Or is there an avast config choice that doesn’t install that policy in the Registry? For example, if the cert is for HTTPS, would turning off avast HTTPS scanning end up eliminating the FF alert?
> So while FF and avast "discuss" how certs should be installed and how Registry policies can coexist with policies.json files
I don't think that will happen - if *any* registry policy exists, policies.json will be ignored (by design).
> it seems organizations can't lock down FF settings and run avast too.
Not true. Organizations can enforce their policies (via GPO) in the registry. The Avast policy is added: it is not a replacement for any policies already in force.
> Or is there an avast config choice that doesn't install that policy in the Registry?
Haven't found one yet :(
> would turning off avast HTTPS scanning end up eliminating the FF alert?
@alanb, One more thank you for even more details. No surprise in the Mozilla link to see AVG called out, too. At the risk of riling up the fanboys, I hope this isn’t a plot to sabotage the competitor of a product that avast tries to (sneak) install during any update of itself or even its own browser product (just speculating). As a longtime FF fanboy myself, I can survive this nuisance, but I don’t know about keeping avast if they insist on more mucking with my fav browser.
Just noticed it on my Firefox 67.0.1 on my Win 7 Pro 64-bit machine.
I do NOT have a folder C:\program files\mozilla firefox\distribution.
I do NOT have a file policies.json anywhere on my C:\ drive.
In my registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Certificates, the only entry is ImportEnterpriseRoots with data value 1 (appearing as 0x00000001 (1)). There are no entries above that subkey Certificates.
In my FF, in about:policies, in “Active”, I see this:
Seems like, for now, avast is taking advantage of a Firefox loophole to add their certificate in a backdoor way (by Firefox conventions), if I followed that topic correctly.
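The manual checks walked through in this thread (the registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla, the policies.json file in the distribution folder, and the ImportEnterpriseRoots value) can be collected in one pass. The PowerShell below is an added example, not code from any poster, Avast or Mozilla; the default install path and the -InstallDir parameter are assumptions, and the precedence warning repeats what the posters state rather than testing it.

```powershell
# Added example: report which Firefox policy sources exist on this machine.
# Assumptions: PowerShell 3.0 or later, default install location
# (pass -InstallDir if Firefox lives elsewhere, e.g. under Program Files (x86)).
param([string]$InstallDir = "$env:ProgramFiles\Mozilla Firefox")

$regRoot  = 'HKLM:\SOFTWARE\Policies\Mozilla'
$jsonPath = Join-Path $InstallDir 'distribution\policies.json'

# Registry source: list every value under the key and all of its subkeys.
$regPresent = Test-Path $regRoot
$regValues  = @()
if ($regPresent) {
    $keys = @(Get-Item $regRoot) + @(Get-ChildItem $regRoot -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $regValues += [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $key.GetValue($name) }
        }
    }
}

# File source: policy names sit under the top-level "policies" object.
$jsonPresent  = Test-Path $jsonPath
$jsonPolicies = @()
if ($jsonPresent) {
    try {
        $doc = Get-Content $jsonPath -Raw | ConvertFrom-Json
        if ($doc.policies) { $jsonPolicies = @($doc.policies.PSObject.Properties.Name) }
    } catch {
        Write-Warning "policies.json exists but is not valid JSON: $jsonPath"
    }
}

Write-Host "Registry key present : $regPresent ($regRoot)"
$regValues | Format-Table -AutoSize | Out-String | Write-Host
Write-Host "policies.json present: $jsonPresent ($jsonPath)"
if ($jsonPolicies) { Write-Host "  policies in file: $($jsonPolicies -join ', ')" }

# ImportEnterpriseRoots = 1 is the value reported in this thread.
if ($regValues | Where-Object { $_.Value -eq 'ImportEnterpriseRoots' -and $_.Data -eq 1 }) {
    Write-Host "ImportEnterpriseRoots is on: Firefox will trust root CAs from the Windows certificate store."
}
# Precedence as described by the posters above, not verified by this script.
if ($regPresent -and $jsonPresent) {
    Write-Warning "Both sources exist; per the thread, policies.json is ignored while the registry key exists."
}
```

Reading HKEY_LOCAL_MACHINE does not require elevation, so this can run as a standard user; compare its output with what about:policies shows under “Active”.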