Many users have noticed a message in the Firefox options page(about:preferences) such as ‘Your browser is being managed by your organization’ or ‘Your organization has disabled the ability to change some options.’. Users who have an anti-virus installed on their system, especially Avast or AVG or AdBlock or privacy-related add-ons installed in Firefox, see this message in their preferences page.
If your device is not part of an organization and you are a single user, then some other program such as Avast antivirus or an addon is controlling parts of the browser. Because of the browser being controlled by another program, some users face limitations in the settings that they can modify while some users are able to modify all settings.
What is Import Enterprise Roots?
Import Enterprise Roots is a policy in Firefox which when enabled reads SSL certificates from the Windows certificate store and when not enabled it does not read any SSL certificates from the Windows certificate store. Avast anti-virus is known to use this policy to intercept traffic, in order to protect users from malware and harmful websites and also many privacy and Adblock related addons use this to protect their users.
The Enterprise Roots preference can be used to import any root certificate authorities which are added to your operating system like Avast anti-virus. There are many policies and preferences like this in Firefox which has been added to prevent users from getting access to a few features in Firefox. When any policies are turned on by any software or addon then Firefox will start displaying this message – ‘Your organization has disabled the ability to change some options.’
How to disable import enterprise roots?
If you are unable to modify certain settings in Firefox and want to be able to modify those then you should disable this policy. Here are a few different ways in which you can disable it –
1. Disable inside Firefox
- First type in about:config in the address bar of your browser and press enter.
- Now tick the ‘Warn me when I attempt to access these preferences’ and click on the ‘Accept the Risk and Continue’ button.
- In the search field type in ‘security.certerrors.mitm.auto_enable_enterprise_roots’.
- Now change the preference’s value from true to false by double-clicking on it.
- Again search for the following ‘security.enterprise_roots.enabled’.
- Then double click on the preference and change its value from true to false.
- Now no new certificate authorities like Avast won’t be allowed to be added and control the web traffic in Firefox.
2. Disable from Windows Registry Editor
- Open the Windows Registry Editor from the Start menu.
- Now go the following address in the Registry editor ‘HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\‘.
- Under the Firefox folder, all the policies which are enabled in Firefox are listed, delete the whole Firefox folder to disable all enabled policies inside Firefox.
- Now restart Firefox and you should not see the same message in your Options page again.
3. Edit policies.json file
- Open the Firefox installation folder, in Windows, it’s usually located at C:\Program Files\Mozilla Firefox.
- You will see the ‘Distribution’ folder now.
- Go inside it and look for the policies.json file. Delete it when you find it.
- Now all the record of all the policies which were enabled in Firefox has been deleted, when you open Firefox again no policies should be enabled.
- You can check it by visiting about:policies.
4. Remove antivirus or addon
As we already mentioned earlier that this policy is used by antiviruses like Avast or AVG or privacy addons like UBlock or Privacy Badger, to scan the user’s web traffic and protect from malware. But if you think that you do not need this kind of web protection anymore, then you can just go ahead and uninstall the antivirus or addon whichever was using this policy. Then this policy will also be turned off. Now your browser will not display the message of being controlled by an organisation anymore and you will be able to modify all Firefox settings.
If you are worried that after uninstalling Avast you will become vulnerable to malware, then you can just let the inbuilt Windows Defender run and it does a pretty good job of protecting users from harm. But if you were already able to modify all settings and use the browser normally, then you really should not get rid of the anti-virus, as it has the ability to protect from harmful malware on the Internet.