Forum Discussion

re_bl
Brass Contributor
Feb 11, 2021

GPO PreventSmartScreenPromptOverrideForFiles

We have activated the following GPO => Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads, as it's written in the Security Baseline. Now we have a problem: an internal web application provides an MSI download and the GPO is blocking the download.

Do we have an option to unlock only the internal URL/web application? Because we won't unlock such downloads for all URLs.

  • re_bl Hi! I just took a look at our policy documentation. Have you tried to use the SmartScreenAllowListDomains policy? (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenallowlistdomains)

    It mentions "Configure the list of Microsoft Defender SmartScreen trusted domains. This means: Microsoft Defender SmartScreen won't check for potentially malicious resources like phishing software and other malware if the source URLs match these domains. The Microsoft Defender SmartScreen download protection service won't check downloads hosted on these domains."

    Thanks!

    -Kelly

      re_bl
      Brass Contributor

      Kelly_Y Configuring the GPO "Configure the list of Microsoft Defender SmartScreen trusted domains" has no effect. It's still not working.

        Kelly_Y
        Microsoft

        re_bl Thanks for following up! I've reached out to the team to see if they have any recommendations. We will follow up if they have any information/insights.

        -Kelly
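
When an allow-list policy like the one discussed in this thread appears to have no effect, a first check is whether both policies actually reached the client. The following is an added example, not part of the thread or of Microsoft's documentation: it reads PreventSmartScreenPromptOverrideForFiles and SmartScreenAllowListDomains from the Edge policy registry keys. The function name is hypothetical, and the "suspect entry" rule (flagging values that contain a slash or whitespace, since the policy is described as a list of domains) is an assumption made for this example.

```powershell
# Added example (not from the thread). Get-EdgeSmartScreenPolicy is a hypothetical helper name.
# Edge reads applied group policies from these keys (machine and user scope).
$EdgePolicyRoots = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
                   'HKCU:\SOFTWARE\Policies\Microsoft\Edge'

function Get-EdgeSmartScreenPolicy {
    param([string[]]$PolicyRoot = $EdgePolicyRoots)

    foreach ($root in $PolicyRoot) {
        if (-not (Test-Path $root)) { continue }   # no Edge policy in this scope

        # REG_DWORD 1 = users cannot bypass SmartScreen download warnings
        $props = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
        $block = $props.PreventSmartScreenPromptOverrideForFiles

        # List policies are stored as a subkey whose values are named 1, 2, 3, ...
        $listKey = Join-Path $root 'SmartScreenAllowListDomains'
        $entries = @()
        if (Test-Path $listKey) {
            $key = Get-Item -Path $listKey
            $entries = @($key.GetValueNames() | Where-Object { $_ } |
                         ForEach-Object { [string]$key.GetValue($_) })
        }

        [pscustomobject]@{
            Scope                   = $root.Substring(0, 4)   # HKLM or HKCU
            PreventOverrideForFiles = $block
            AllowListDomains        = $entries
            # Assumption: entries holding a URL or path instead of a bare
            # domain are flagged for review.
            SuspectEntries          = @($entries | Where-Object { $_ -match '[/\s]' })
        }
    }
}

Get-EdgeSmartScreenPolicy | Format-List
```

Run it on the affected client after `gpupdate /force` and compare the output with what `edge://policy` shows. An empty AllowListDomains means the allow-list GPO never reached the machine.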
