GPO PreventSmartScreenPromptOverrideForFiles

%3CLINGO-SUB%20id%3D%22lingo-sub-2121315%22%20slang%3D%22en-US%22%3EGPO%20PreventSmartScreenPromptOverrideForFiles%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2121315%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20activated%20the%20following%20GPO%20%3D%26gt%3B%20Prevent%20bypassing%20of%20Microsoft%20Defender%20SmartScreen%20warnings%20about%20downloads%2C%20as%20it's%20written%20in%20the%20Security%20Baseline.%20Now%20we%20have%20a%20Problem%20that%20an%20Internal%20Web%20Application%20provide%20MSI%20download%20and%20the%20GPO%20is%20blocking%20the%20download.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22PreventSmartScreenPromptOverrideForFiles.jpg%22%20style%3D%22width%3A%20536px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F254116iE7341F01DCE61CAF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22PreventSmartScreenPromptOverrideForFiles.jpg%22%20alt%3D%22PreventSmartScreenPromptOverrideForFiles.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EDo%20we%20have%20an%20option%20to%20only%20unlock%20Internal%20URL%2F%20Web%20Application%3F%20Because%20we%20won't%20such%20download%20unlock%20for%20all%20URL's.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2130243%22%20slang%3D%22en-US%22%3ERe%3A%20GPO%20PreventSmartScreenPromptOverrideForFiles%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2130243%22%20slang%3D%22en-US%22%3E%3CP%20data-unlink%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F526597%22%20target%3D%22_blank%22%3E%40re_bl%3C%2FA%3E%26nbsp%3BHi!%26nbsp%3B%20I%20just%20took%20a%20look%20at%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Epolicy%20documentation%3C%2FA%3E.%26nbsp%3B%26nbsp%3BHave%20you%20tried%20to%20use%20the%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3ESmartScreenAllowListDomains%20Policy%3F%26nbsp%3B%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23smartscreenallowlistdomains%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23smartscreenallowlistdomains%3C%2FA%3E)%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3EIt%20mentions%20%3CSTRONG%3E%22%3C%2FSTRONG%3E%3CSPAN%3E%3CSTRONG%3EConfigure%20the%20list%20of%20Microsoft%20Defender%20SmartScreen%20trusted%20domains.%20This%20means%3A%20Microsoft%20Defender%20SmartScreen%20won't%20check%20for%20potentially%20malicious%20resources%20like%20phishing%20software%20and%20other%20malware%20if%20the%20source%20URLs%20match%20these%20domains.%20The%20Microsoft%20Defender%20SmartScreen%20download%20protection%20service%20won't%20check%20downloads%20hosted%20on%20these%20domains.%22%3C%2FSTRONG%3E%26nbsp%3B%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3EThanks!%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22heading-anchor%22%3E%3CEM%3E-Kelly%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2145759%22%20slang%3D%22en-US%22%3ERe%3A%20GPO%20PreventSmartScreenPromptOverrideForFiles%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2145759%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F757644%22%20target%3D%22_blank%22%3E%40Kelly_Y%3C%2FA%3E%26nbsp%3BTo%20Configure%20the%20GPO%26nbsp%3B%3CSTRONG%3EConfigure%20the%20list%20of%20Microsoft%20Defender%20SmartScreen%20trusted%20domains%2C%20%3C%2FSTRONG%3Ehas%20none%20effect.%20Its%20still%20not%20working.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2147689%22%20slang%3D%22en-US%22%3ERe%3A%20GPO%20PreventSmartScreenPromptOverrideForFiles%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2147689%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F526597%22%20target%3D%22_blank%22%3E%40re_bl%3C%2FA%3E%26nbsp%3BThanks%20for%20following%20up!%26nbsp%3B%20I've%20reached%20out%20to%20the%20team%20to%20see%20if%20they%20have%20any%20recommendations.%26nbsp%3B%20We%20will%20follow%20up%20if%20they%20have%20any%20information%2Finsights.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E-Kelly%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

We have activated the following GPO => Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads, as it's written in the Security Baseline. Now we have a Problem that an Internal Web Application provide MSI download and the GPO is blocking the download.

PreventSmartScreenPromptOverrideForFiles.jpg

Do we have an option to only unlock Internal URL/ Web Application? Because we won't such download unlock for all URL's.

4 Replies

@re_bl Hi!  I just took a look at our policy documentation.  Have you tried to use the 

SmartScreenAllowListDomains Policy?  (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenallowlistdomains)

 

It mentions "Configure the list of Microsoft Defender SmartScreen trusted domains. This means: Microsoft Defender SmartScreen won't check for potentially malicious resources like phishing software and other malware if the source URLs match these domains. The Microsoft Defender SmartScreen download protection service won't check downloads hosted on these domains."  

 

Thanks! 

 

-Kelly

@Kelly_Y To Configure the GPO Configure the list of Microsoft Defender SmartScreen trusted domains, has none effect. Its still not working. 

@re_bl Thanks for following up!  I've reached out to the team to see if they have any recommendations.  We will follow up if they have any information/insights.  

 

-Kelly

Same here. Additionally disabled

 

If you disable this setting, "potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off."