Forum Discussion

Krinto1100's avatar
Krinto1100
Copper Contributor
Jul 20, 2022

Smartscreen not working after Update to 103.0.1264.49

Hello,


after I upgraded from 102.0.1245.41 to 103.0.1264.49, Smartscreen doesn't work anymore and downloads are displayed after about 20 seconds.

 

With 103.X no warnings are shown at https://demo.smartscreen.msft.net, but with 102.X I get some. The error also occurs in Beta (104.0.1293.25) and Dev (105.0.1321.0).

 

The problem only seems to occur on a terminal server farm (Server 2016 + Citrix virtual Apps and Desktops CU5) and VDI environment (Windows 10 + Citrix virtual Apps and Desktops CU5). Windows Defender is disabled as we are using Sophos AV.

 

As soon as I start a test at https://demo.smartscreen.msft.net, or download a file, the process swi_fc (Sophos Web-Protection) tries to connect to various IPs ( for example 20.67.219.150, 20.73.130.64, 20.86.849.62). Port 443 is used.


When I disable Sophos Web-Protection, MSEdge initiates the same connections.

 

In both cases, the connection is not opened via proxy. Sophos or Edge try to open the connections directly. However, this is forbidden in our system, which is probably the reason for the 20 second timeout on downloads.

 

If I set
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0
the error is gone. Warnings and downloads work again and I don't see any failed connections from swi_fc or msedge. However, with Edge 105, the old library is no longer delivered. So this is not a permanent solution. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel#version-1020124550-june-23

 

Allowing direct connections via port 443 also fixes the problem.

 

Does anyone have any ideas what I could do?

  • Hello all. Thank you for your patience. I'm the Product Manager for Smartscreen in Microsoft Edge and I want to provide a quick update. We've developed a fix to address this issue, and we're in the final stages of testing and validation before shipping to all customers. The fix will be available starting edge v104 and on later releases.

    The NewSmartScreenLibrary policy is still available and will remain available until we're confident the issue has been resolved. The plan as of now is to deprecate it in v107. More details to come later on. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#newsmartscreenlibraryenabled
  • Hello all. Thank you for your patience. I'm the Product Manager for Smartscreen in Microsoft Edge and I want to provide a quick update. We've developed a fix to address this issue, and we're in the final stages of testing and validation before shipping to all customers. The fix will be available starting edge v104 and on later releases.

    The NewSmartScreenLibrary policy is still available and will remain available until we're confident the issue has been resolved. The plan as of now is to deprecate it in v107. More details to come later on. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#newsmartscreenlibraryenabled
    • Krinto1100's avatar
      Krinto1100
      Copper Contributor
      Thank you for the update. Fixing the issue and keeping the NewSmartScreenLibrary policy for some additional month in place looks like the best solution.
    • PackerBacker's avatar
      PackerBacker
      Brass Contributor
      I see Version 104.0.1293.70: August 25, 2022 came out yesteday...
      however the release notes do not pinpoint this fix. Can the stable channel be updated to refclect the smartscreen fix?
      • Tinzou's avatar
        Tinzou
        Copper Contributor
        I updated to 104.0.1293.70 and removed the NewSmartScreenLibrary GPO Setting today.
        The issue actually seems to be resolved.
  • Krinto1100 Hello!  Thanks for reaching out!  I just spoke to the team and this is a known issue they are working on resolving.  For the time being, please continue to use the NewSmartScreenLibraryEnabled policy as a temporary mitigation.   

     

    I don't currently have an ETA for the fix but I'll try to update this thread when more information is available.  Thanks! 

     

    -Kelly

    • Krinto1100's avatar
      Krinto1100
      Copper Contributor

      Kelly_Y thanks a lot for your fast response. I'm very happy that the problem is not on our site. 

      Can you explain to my why this only happens on specific systems?

       

    • PackerBacker's avatar
      PackerBacker
      Brass Contributor
      Any update on the fix for this? We too are getting this and are having to revert back to the old libraries that honor Proxy.
    • Krinto1100's avatar
      Krinto1100
      Copper Contributor
      Today I updated edge to 104.0.1293.47 on our RDS. Sadly, the problem is still there.
      Can you give me a quick update on this, please?

      What should we do if the issue is not solved with 105 and the old library is no longer delivered? Disable SmartScreen is not a good option.
      • PackerBacker's avatar
        PackerBacker
        Brass Contributor
        For now setup a GPP or batch or whatever mechanism to get your computers to use the old libraries
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0
  • Ricky_S's avatar
    Ricky_S
    Copper Contributor
    Hello,
    just upgraded to stable version 104.0.1293.63 and removed the workaround (NewSmartScreenLibraryEnabled = 0) and the problem seems to be fixed.
    can anyone confirm, please
    • PackerBacker's avatar
      PackerBacker
      Brass Contributor
      Any official word from Microsoft about the fix with SmartScreen and proxies yet?
      • Ricky_S's avatar
        Ricky_S
        Copper Contributor
        Unfortunately, no. Not even in the release notes
    • Krinto1100's avatar
      Krinto1100
      Copper Contributor
      Hello,
      sadly, I can't confirm. I updated edge to 104.0.1293.63 and removed HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled or set it to 1. In both cases, smart screen didn't work.

      Can you redo the test? Can't imagine that it is fixed in your environment but not in mine.

      Just a short question: Are there only CVAD (RDS + Citrix) or VDI systems effected in your environment?
      • Ricky_S's avatar
        Ricky_S
        Copper Contributor
        Hello,
        Thank you for your comment. I made a mistake during testing and I apologize for the incorrect statement. Our environment is behind a proxy server and the new smart screen library is no longer working or is working very slowly. In the home office, we have a direct connection and therefore no problems:
        We are still waiting for a solution from Microsoft.

Resources