Forum Discussion
Ability to block all downloads but allow users to select Keep
No, we have never had that prompt show up until version 91 was released, but even then it ONLY showed up after I made a change to the DownloadRestrictions Policy.
So my Policy was originally set to BlockDangerousDownloads, which allowed files to be downloaded (again never got that Keep or delete message for any downloads that I am aware of).
As soon as the release of v91, we were getting full blocks (no changes to the GPO)
I then changed the Policy to ' No Special restrictions' and we were now getting this
Once you choose Keep from the menu, after a few minutes the next time this file type is clicked to be downloaded, it will just present the Open/Save As/Save option.
The above screenshots is an .msg file from a ticketing system, which we also later found out people trying to download internal applications were also being blocked.
I started reading this https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-downloads-interruptions and got me thinking what if we can ALWAYS enable the prompt that asks a user to Keep or Delete?
I don't fully understand what is actually happening, because according to that page (and subsequent links) the .msg file should not have been blocked as it has always been opened before.. the difference is, that was done prior to version 91.
We have a requirement of the following:
If any of the executable test files are downloaded successfully and can be executed without a warning and prompt for the user to decide whether or not to proceed then record a Fail result for this sub-test. Otherwise, record a Pass result for this sub-test.
So to me this fits that requirement, even if it is not intended to do so..
So I don't want to Block the files, I just want it to always prompt regardless of what files being downloaded. So any "known good files" from lets say Microsoft will still give us this prompt and then we have to click Keep.
This is a total PITA move, but we have special requirements from au
Bonus points if we can exclude internal domains from being prompted.
And to answer your question, I don't see how Prompt for location would provide me with the block prompt and then the option to Keep or Delete.
I get the intent of asking where to save each time, but that is not necessarily a warning, where the above one is a warning if you will.
KevinJ613 I am also in this same situation. If you found a resolution I'd be interested in hearing it so I can give it a shot. Thanks!
- I had a ticket opened with MS Edge team, and there really are no options to do what we want. The support agent stated they would bring it up with the product team.. but i dunno.
So i am still looking for a solution to do this (or at least something close to it.KevinJ613 I'm not so sure if this is helpful or not but this helped move me a bit forward. https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
I do not want to manage some giant list of websites and file types but this is letting files download from sites that I've got the Allow Download Restrictions piece set to Block Dangerous Downloads.
- From what MS Edge support told me this is only to bypass the blocking messages of file types when entering your domain, like if you wanted any file type from your internal domain to not get the blocking messages.
I also thought about leveraging this somehow to do what I want, but I also did not want to keep a list of domains to ensure things were always being blocked.
So in my case I don't want to bypass file downloads, I just want to always have the Block message (but then have the option for the user to Keep or Delete)
There is also a user based policy (Not MS Edge related) called Attachment Manager (User/Policies/AdminTemplates/WindowsComponents/Attachment Manager) which is supposed to leverage internet zones, but I can't figure out how to get it to work as everything I have tried doesn't "warn" about the downloads