SOLVED

Smartscreen not working after Update to 103.0.1264.49

Copper Contributor

Hello,


after I upgraded from 102.0.1245.41 to 103.0.1264.49, Smartscreen doesn't work anymore and downloads are displayed after about 20 seconds.

 

With 103.X no warnings are shown at https://demo.smartscreen.msft.net, but with 102.X I get some. The error also occurs in Beta (104.0.1293.25) and Dev (105.0.1321.0).

 

The problem only seems to occur on a terminal server farm (Server 2016 + Citrix virtual Apps and Desktops CU5) and VDI environment (Windows 10 + Citrix virtual Apps and Desktops CU5). Windows Defender is disabled as we are using Sophos AV.

 

As soon as I start a test at https://demo.smartscreen.msft.net, or download a file, the process swi_fc (Sophos Web-Protection) tries to connect to various IPs ( for example 20.67.219.150, 20.73.130.64, 20.86.849.62). Port 443 is used.


When I disable Sophos Web-Protection, MSEdge initiates the same connections.

 

In both cases, the connection is not opened via proxy. Sophos or Edge try to open the connections directly. However, this is forbidden in our system, which is probably the reason for the 20 second timeout on downloads.

 

If I set
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0
the error is gone. Warnings and downloads work again and I don't see any failed connections from swi_fc or msedge. However, with Edge 105, the old library is no longer delivered. So this is not a permanent solution. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel#version-1020124550...

 

Allowing direct connections via port 443 also fixes the problem.

 

Does anyone have any ideas what I could do?

42 Replies

@Krinto1100 Hello!  Thanks for reaching out!  I just spoke to the team and this is a known issue they are working on resolving.  For the time being, please continue to use the NewSmartScreenLibraryEnabled policy as a temporary mitigation.   

 

I don't currently have an ETA for the fix but I'll try to update this thread when more information is available.  Thanks! 

 

-Kelly

@Kelly_Y thanks a lot for your fast response. I'm very happy that the problem is not on our site. 

Can you explain to my why this only happens on specific systems?

 

Any update on the fix for this? We too are getting this and are having to revert back to the old libraries that honor Proxy.
Today I updated edge to 104.0.1293.47 on our RDS. Sadly, the problem is still there.
Can you give me a quick update on this, please?

What should we do if the issue is not solved with 105 and the old library is no longer delivered? Disable SmartScreen is not a good option.
For now setup a GPP or batch or whatever mechanism to get your computers to use the old libraries
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0
I have the GPO in place. But I don't know what will happen with 105, then the library is "deprecated". Does that mean that the library will no longer be availible and we must use the new one?

Hi Everyone - The team is actively working on a fix for this issue and the plan is to have it deployed before Microsoft Edge v105 is deployed.  Hopefully we will have some updates shortly.  Thanks for your patience! 

 

-Kelly

@Kelly_YCan you please give us an update on this issue? Edge release 105 is out in Beta.

 

JuanRodPfft_0-1661194092188.png

 

Hello,
just upgraded to stable version 104.0.1293.63 and removed the workaround (NewSmartScreenLibraryEnabled = 0) and the problem seems to be fixed.
can anyone confirm, please
Any official word from Microsoft about the fix with SmartScreen and proxies yet?
Unfortunately, no. Not even in the release notes
Hello,
sadly, I can't confirm. I updated edge to 104.0.1293.63 and removed HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled or set it to 1. In both cases, smart screen didn't work.

Can you redo the test? Can't imagine that it is fixed in your environment but not in mine.

Just a short question: Are there only CVAD (RDS + Citrix) or VDI systems effected in your environment?
Hello,
Thank you for your comment. I made a mistake during testing and I apologize for the incorrect statement. Our environment is behind a proxy server and the new smart screen library is no longer working or is working very slowly. In the home office, we have a direct connection and therefore no problems:
We are still waiting for a solution from Microsoft.
Hello,
we are faced with that problem too and at our environment it's caused only by using a proxy. Luckily we found this discussion and the workaround. I was fighting 2 weeks with that problem. So I think there are more people unhappy about the new library than just the few posting here..
Issue the "workaround" will be depricated in later releases, So it's a ticking time bomb.
best response confirmed by Krinto1100 (Copper Contributor)
Solution
Hello all. Thank you for your patience. I'm the Product Manager for Smartscreen in Microsoft Edge and I want to provide a quick update. We've developed a fix to address this issue, and we're in the final stages of testing and validation before shipping to all customers. The fix will be available starting edge v104 and on later releases.

The NewSmartScreenLibrary policy is still available and will remain available until we're confident the issue has been resolved. The plan as of now is to deprecate it in v107. More details to come later on. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#newsmartscreenlibraryenabled
Thank you for the update. Fixing the issue and keeping the NewSmartScreenLibrary policy for some additional month in place looks like the best solution.
I see Version 104.0.1293.70: August 25, 2022 came out yesteday...
however the release notes do not pinpoint this fix. Can the stable channel be updated to refclect the smartscreen fix?
I updated to 104.0.1293.70 and removed the NewSmartScreenLibrary GPO Setting today.
The issue actually seems to be resolved.
1 best response

Accepted Solutions
best response confirmed by Krinto1100 (Copper Contributor)
Solution
Hello all. Thank you for your patience. I'm the Product Manager for Smartscreen in Microsoft Edge and I want to provide a quick update. We've developed a fix to address this issue, and we're in the final stages of testing and validation before shipping to all customers. The fix will be available starting edge v104 and on later releases.

The NewSmartScreenLibrary policy is still available and will remain available until we're confident the issue has been resolved. The plan as of now is to deprecate it in v107. More details to come later on. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#newsmartscreenlibraryenabled

View solution in original post