Forum Discussion
Web content filtering and indicator aren't working on third party browser
Hi, we have just noticed that web content filtering and customized indicators are not working on third party browsers after upgraded defender for endpoint to 4.18.23050.3, the issue has happened to both Win10 and Win11 machines.
Has anyone else got the same issue?
- LouisMastelinckBrass ContributorHi Spark,
Do you have network protection enabled in the configuration of MDE?
In order for it to function it requires:
- An active content filtering policy
- it works on Edge, Chrome, FireFox, Brave or Opera if the network protection feature is enabled in block mode with customer network indicators turned on in the portal.- Spark ZhangBrass ContributorYes, we have. I'm sure that all settings are correctly enabled.
The web content filtering and indicator feature worked fine before upgrading to v4.18.23050.3.
I've submitted a ticket to Microsoft support and the Support guy has re-produced the issue in his testing environment, but he haven't found a solution yet. He also doesn't suggest to do a downgrade to the Defender even the after downgrade the web content filtering would be working again.
- Spark ZhangBrass ContributorHi Louis, Yes, I'm sure that all settings are correct. (Enabled content filtering policy and network protection). The feature was working fine before upgrading to 4.18.23050.3, and once we have rolled back to the previous version (by using mpcmdrun /revertplatform), the WCF and indicator will be working again. A Microsoft support guy has re-produced and confirmed that issue from his testing environment as well. I'm looking for a hotfix or mitigation to this issue but I haven't found it. All our endpoints have been impacted now even we have set the defender upgrade channel to broad channel to them.
- Peter HollandIron Contributoras per my post I have seen this has stopped working since 31st May as described here.
content filtering policy applied (and works on the same systems via edge smartscreen), network protection enabled in block mode, all prereqs in place and it worked until 31st May.
This is a big concern !- Groove200Brass ContributorAnyone had a response from MS yet? We are seeing the same. Just logged a ticket
- Peter HollandIron Contributor
just raised a Sev A on it.
- Groove200Brass ContributorAny luck sorting this guys ?
- Peter HollandIron Contributorfrom my support ticket you can rever the platform to the previous release (the broken one has apparently been marked to not re-update to) from an elevated command prompt:
“%programdata%\Microsoft\Windows Defender\Platform\4.18.23050.3\MpCmdRun.exe” -RevertPlatform
that said... on my test system that doesn't seem to have resolved it.- Spark ZhangBrass ContributorI can confirm that RevertPlatform isn't working on this issue.
Because MS has rolled out 4.18.23050 to the broad channel, so that even you have reverted to an old stable version, the MDE will automatically upgrade itself to the latest version soon.
Also you can't do a RevertPlatform on a new installed PC, as the previous release on the new installation is very old.
They should add switch for setting the target version.
- GeraszCopper ContributorIts still not working with Version 4.18.23050.5, but not just with the third party browsers, but not with the Edge.
- Groove200Brass ContributorWe are seeing some clients begin updating to 4.18.23050.5, havnt tested those yet. However when asking MS for confirmation of the 'fixed' version this morning , they have stated 4.18.23050.6 is the fixed version........which is 'estimated' to release today.
Despite being told it was releasing for our tenant on Friday.
So still in the dark as to when this will be fixed. Currently blocking execution of all third party browsers to mitigate risk,
- ctOsker1904Copper Contributor
Hello, does anyone have information if they released the new update?Spark Zhang
- Groove200Brass Contributor
Nothing yet 😞 Latest we had from our escalation support engineer was......no ETA
that was about 3 hours ago
- Peter HollandIron ContributorI am now updated to AMProductVersion : 4.18.23050.5 which appears to have resolved the issue. third-party browser access to a custom blocked url is now working again.
I have fed back to the support engineer that the response and time to resolution has not been good enough. This should have been an advisory, rollback, and notification to all defender tenants as all orgs will have been at increased risk of all manner of attacks over the last two weeks. "just use edge" doesn't cover compromises like persistence and C2 as they won't be using edge and smartscreen
- Spark ZhangBrass ContributorMS has released 4.18.23050.5 to broad channel, you can find the latest update information from the link below.
https://www.microsoft.com/en-us/wdsi/defenderupdates- Groove200Brass Contributor
Im also being told 4.18.23050.5 fixes it. We are going to test. I thought somebody had already tested .5 in this chat days ago and confirmed it didnt ? Also .5 has been available for several days, way before MS said it included the fix....and the patch notes make no mention of it.
Off to test
It';s also avail on Update Catalog - https://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft%20defender
- AndrewReedCopper ContributorHey, I'm having a similar issue except for me it's my first time installing Web Filtering through M365 Defender to a customer and i had told them this would work. I then tested and none of the categories, such as adult content were being blocked.
Can anyone tell me if this should block those categories in 3rd party browsers if network protection is setup? should it block all of the same categories that smartscreen in edge can block with this?- Peter HollandIron Contributorif you run get-mpcomputerstatus check if you have AMProductVersion of 4.18.23050.5 (or later for those stumbling across this down the line).
if you have that version and not 4.18.23050.# (#<5) then yes it will block custom URLs and categories just the same as via edge and better than third-party proxy agents- AndrewReedCopper ContributorI just updated before seeing your reply! Thanks for your reply mate, I just used that exact command to determine if it was worth remoting on to remove the manually added AppLocker policy had had put in place as a work around temporarily and test, which I did and it works now with 4.18.23050.5.
- AndrewReedCopper ContributorNever mind, I just tested it and confirmed that this was what was causing the issue and it's resolved now and working as expected blocking all categories.
- Spark ZhangBrass ContributorHi All, I've confirmed that there is a performance issue after upgraded to 4.18.23050.5, the website loading time in the first time access from a 3rd party browsers are extremely longer than before.
I've raised this issue to Microsoft support and asked them to re-open the previous ticket.- tobeadvisedCopper ContributorWe are seeing same performance issue in chrome after update to 4.18.23050.5. Have raised with MS but no update. If we roll engine back to .3 don’t see the performance issue, but it seems to auto-update back to .5. Anyone know how to stop it auto updating, just the engine? Or any better suggestions? Thanks
- JamesmcphersonCopper Contributor
tobeadvised Spark Zhang
We too have started seeing the same issue. If we offboard devices from Defender the problem goes away.
Have either of you heard back from Microsoft regarding this issue? Just before i raise a case with MS myself.Thanks
- MarkA-GBrass ContributorWe are experiencing this too.
- kvwingerdenCopper ContributorIs there someone who knows if there is already a fix for this issue besides die a roll back to a earlier version?
- Peter HollandIron Contributora fix was published for the platform update way back in July. has yours stopped working this month? TBH I haven't checked this month but will be very dissapointed if they've broken it again
- MarkA-GBrass ContributorChrome is still working for the basic sites that broke for us last time. There seems to be a short delay though, but not as bad as last time, However the delay for me is the same in chrome as it is in edge. Maybe it was the SmartScreen patch to address the latest vulnerability?