Feb 10 2021 10:52 PM
We have activated the following GPO => Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads, as it's written in the Security Baseline. Now we have a Problem that an Internal Web Application provide MSI download and the GPO is blocking the download.
Do we have an option to only unlock Internal URL/ Web Application? Because we won't such download unlock for all URL's.
Feb 12 2021 02:49 PM
@re_bl Hi! I just took a look at our policy documentation. Have you tried to use the
SmartScreenAllowListDomains Policy? (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenallowlistdomains)
It mentions "Configure the list of Microsoft Defender SmartScreen trusted domains. This means: Microsoft Defender SmartScreen won't check for potentially malicious resources like phishing software and other malware if the source URLs match these domains. The Microsoft Defender SmartScreen download protection service won't check downloads hosted on these domains."
Thanks!
-Kelly
Feb 18 2021 01:58 AM
@Kelly_Y To Configure the GPO Configure the list of Microsoft Defender SmartScreen trusted domains, has none effect. Its still not working.
Feb 18 2021 02:42 PM
@re_bl Thanks for following up! I've reached out to the team to see if they have any recommendations. We will follow up if they have any information/insights.
-Kelly
Mar 17 2021 04:52 AM - edited Mar 17 2021 04:56 AM
Same here. Additionally disabled
If you disable this setting, "potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off."