CyBlock Web Filter — Browser Login Prompt FAQ
Why Are My Employees Being Asked to Log In When Browsing the Web?
Overview
After a recent Windows or browser update, employees at some organizations have started seeing unexpected username and password login prompts pop up in their browser when trying to visit websites. In some cases, websites may load but user activity is no longer being logged by name in CyBlock — showing up as blank or as an IP address instead.
This is not a CyBlock outage or a problem with the websites themselves. It is caused by a recent Microsoft security change that affects how browsers handle the automatic sign-in process that CyBlock relies on to identify users. This FAQ explains the issue and walks your IT administrator through the fix.
Frequently Asked Questions
What are employees experiencing?
Employees may see one or both of the following:
- A pop-up login prompt in Microsoft Edge or Google Chrome asking for a username and password when browsing to websites — even sites they visit every day.
- No visible prompt, but CyBlock activity reports show usernames as blank or as an IP address, meaning user identification has silently stopped working.
Both symptoms have the same root cause and the same fix.
What is causing this?
CyBlock identifies users automatically and silently by asking the browser to confirm the employee’s Windows login credentials as web traffic passes through the CyBlock proxy. This happens in the background — employees normally never see it or have to do anything.
Recent updates to Windows 11 and the Microsoft Edge and Google Chrome browsers have tightened the rules around this automatic sign-in process. Browsers now require that the proxy server be on an approved list before they will share credentials with it. If CyBlock’s proxy address is not on that list, the browser will either:
- Pop up a manual login prompt asking the employee to enter credentials themselves, or
- Skip the process entirely, leaving CyBlock unable to identify who is browsing.
This is a Microsoft security change, not a CyBlock defect.
Is this affecting everyone?
Not necessarily all at once. The change is rolling out gradually with Windows and browser updates, so you may see it affect some computers before others. Organizations running Windows 11 version 24H2 or later, or those with recently auto-updated versions of Edge or Chrome, are most likely to see this now.
How is this fixed?
Your IT administrator needs to add the CyBlock proxy address to an approved list that tells Edge and Chrome it is safe to automatically sign in through it. This is done using a Group Policy (GPO), which pushes the setting to all company computers at once — no changes needed on individual desktops.
Once deployed, the login prompts will stop and CyBlock will resume capturing usernames automatically.
Which browsers need to be configured?
- Microsoft Edge — requires configuration
- Google Chrome — requires configuration
- Internet Explorer — not affected
- Firefox — uses a separate process; contact Wavecrest Support if Firefox is in use
Will this fix affect anything else on our computers?
No. This setting only tells Edge and Chrome to allow the automatic sign-in process specifically for the CyBlock proxy address. It does not change how any other websites or services authenticate, and it does not lower security elsewhere.
Fix: Step-by-Step Configuration Instructions
These steps are for your IT Administrator. They require access to Group Policy Management on your Windows domain.
Microsoft Edge — via Group Policy (Recommended)
First-time setup: Download the Microsoft Edge policy templates from: https://www.microsoft.com/en-us/edge/business/download
Copy these files to your domain controller’s Central Store:
- windows\admx\msedge.admx → C:\Windows\PolicyDefinitions\
- windows\admx\en-US\msedge.adml → C:\Windows\PolicyDefinitions\en-US\
Steps:
- Open Group Policy Management Console (gpmc.msc).
- Create or edit a GPO linked to the OU containing your computers.
- Navigate to: Computer Configuration → Administrative Templates → Microsoft Edge → HTTP authentication
- Open the policy: Configure list of allowed authentication servers
- Set it to Enabled.
- In the value field, enter: *.cloud.cyblock.com,cloud.cyblock.com
- Click OK and close the editor.
- Run gpupdate /force on a test machine or wait for Group Policy to refresh.
- Restart the browser — this policy requires a full browser restart to take effect.
Microsoft Edge — via Windows Registry (Manual)
Use this method for non-domain environments or to deploy via a login script.
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
Value:
- Name: AuthServerAllowlist
- Type: REG_SZ (String)
- Data: *.cloud.cyblock.com,cloud.cyblock.com
Google Chrome — via Group Policy (Recommended)
First-time setup: Download the Chrome ADMX templates from Google’s admin page and add them to your domain’s Central Store.
Steps:
- Open Group Policy Management Console (gpmc.msc).
- Create or edit a GPO linked to the OU containing your computers.
- Navigate to: Computer Configuration → Administrative Templates → Google → Google Chrome → HTTP authentication
- Open the policy: Authentication server allowlist
- Set it to Enabled.
- In the value field, enter: *.cloud.cyblock.com,cloud.cyblock.com
- Click OK and close the editor.
- Run gpupdate /force on a test machine or wait for Group Policy to refresh.
- Restart the browser to apply the change.
Google Chrome — via Windows Registry (Manual)
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
Value:
- Name: AuthServerAllowlist
- Type: REG_SZ (String)
- Data: *.cloud.cyblock.com,cloud.cyblock.com
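For the registry method on non-domain machines or in a login script, the following PowerShell sketch applies the value to both browsers in one pass. It is an added example, not a Wavecrest-supplied script; the function name Set-AuthServerAllowlist is hypothetical, and the merge step assumes you want to keep any servers already on the list rather than overwrite them.

```powershell
# Added example (not vendor code). Run elevated: it writes under HKEY_LOCAL_MACHINE.
# Key paths, value name and entries are the ones given in the sections above.
$Required   = @('*.cloud.cyblock.com', 'cloud.cyblock.com')
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKLM:\SOFTWARE\Policies\Google\Chrome'
)

function Set-AuthServerAllowlist {   # hypothetical helper name
    param([string]$KeyPath, [string[]]$Entries)

    # The policy key does not exist until a policy has been set for that browser.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Read any existing list so servers allow-listed for other reasons are kept.
    $current = (Get-ItemProperty -Path $KeyPath -Name AuthServerAllowlist `
                -ErrorAction SilentlyContinue).AuthServerAllowlist
    $existing = @()
    if ($current) {
        $existing = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    # Comma-separated, no spaces, no duplicate entries.
    $value = @($existing + $Entries | Select-Object -Unique) -join ','

    # REG_SZ value; -Force replaces an existing value of the same name.
    New-ItemProperty -Path $KeyPath -Name AuthServerAllowlist `
        -PropertyType String -Value $value -Force | Out-Null

    # Read back what is now stored so the caller can log it.
    (Get-ItemProperty -Path $KeyPath -Name AuthServerAllowlist).AuthServerAllowlist
}

foreach ($key in $PolicyKeys) {
    $applied = Set-AuthServerAllowlist -KeyPath $key -Entries $Required
    Write-Output ("{0} -> {1}" -f $key, $applied)
}
```

The script is safe to run repeatedly: a second run finds the entries already present and writes the same value. Restart Edge and Chrome afterwards so the policy takes effect.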
Troubleshooting
| Symptom | Likely Cause | Action |
|---|---|---|
| Login prompts persist after GPO deployed | Browser not restarted | Fully close and reopen all browser windows |
| Usernames still blank in CyBlock logs | Policy not reaching computers | Run gpupdate /force and verify GPO is linked to the correct computer OU |
| Policy not showing in edge://policy | Edge ADMX templates not installed | Install templates in the Central Store on your domain controller |
| Only some computers affected | GPO linked to wrong OU | Ensure the GPO is linked to the OU containing computer accounts, not user accounts |
Additional Notes
- This setting must be applied as a computer policy (HKEY_LOCAL_MACHINE), not a user policy.
- Multiple proxy addresses can be added separated by commas with no spaces.
- This change is part of Microsoft’s ongoing effort to phase out older authentication methods. Wavecrest will publish updated guidance as Microsoft’s rollout continues.
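
To check a single affected computer against the Troubleshooting table and the notes above, the following read-only PowerShell sketch reports what each browser's policy key actually contains. It is an added example, not part of Wavecrest's guidance; the function name Test-AuthServerAllowlist and the wording of the findings are hypothetical.

```powershell
# Added example (not vendor code). Read-only: it changes nothing on the machine.
$Expected = @('*.cloud.cyblock.com', 'cloud.cyblock.com')
$Browsers = [ordered]@{
    Edge   = 'SOFTWARE\Policies\Microsoft\Edge'
    Chrome = 'SOFTWARE\Policies\Google\Chrome'
}

function Test-AuthServerAllowlist {   # hypothetical helper name
    param([string]$Browser, [string]$SubKey)

    # Look in both hives: the page requires the computer (HKLM) location.
    $machine = (Get-ItemProperty -Path "HKLM:\$SubKey" -Name AuthServerAllowlist `
                -ErrorAction SilentlyContinue).AuthServerAllowlist
    $user    = (Get-ItemProperty -Path "HKCU:\$SubKey" -Name AuthServerAllowlist `
                -ErrorAction SilentlyContinue).AuthServerAllowlist

    $findings = @()
    if (-not $machine) {
        $findings += 'No computer policy found: GPO not applied or linked to the wrong OU'
        if ($user) { $findings += 'Value exists only as a user policy (HKCU)' }
    }
    else {
        if ($machine -match '\s') {
            $findings += 'Value contains spaces; separate entries with commas only'
        }
        $entries = @($machine -split ',' | ForEach-Object { $_.Trim() })
        foreach ($e in $Expected) {
            if ($entries -notcontains $e) { $findings += "Missing entry: $e" }
        }
    }
    if (-not $findings) { $findings = @('OK: if prompts persist, fully restart the browser') }

    [pscustomobject]@{
        Browser  = $Browser
        HKLM     = $machine
        Findings = $findings -join '; '
    }
}

$Browsers.GetEnumerator() |
    ForEach-Object { Test-AuthServerAllowlist -Browser $_.Key -SubKey $_.Value } |
    Format-List
```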