Jul 20 2022 05:20 AM - edited Jul 20 2022 05:25 AM
Hello,
after I upgraded from 102.0.1245.41 to 103.0.1264.49, Smartscreen doesn't work anymore and downloads are displayed after about 20 seconds.
With 103.X no warnings are shown at https://demo.smartscreen.msft.net, but with 102.X I get some. The error also occurs in Beta (104.0.1293.25) and Dev (105.0.1321.0).
The problem only seems to occur on a terminal server farm (Server 2016 + Citrix virtual Apps and Desktops CU5) and VDI environment (Windows 10 + Citrix virtual Apps and Desktops CU5). Windows Defender is disabled as we are using Sophos AV.
As soon as I start a test at https://demo.smartscreen.msft.net, or download a file, the process swi_fc (Sophos Web-Protection) tries to connect to various IPs ( for example 20.67.219.150, 20.73.130.64, 20.86.849.62). Port 443 is used.
When I disable Sophos Web-Protection, MSEdge initiates the same connections.
In both cases, the connection is not opened via proxy. Sophos or Edge try to open the connections directly. However, this is forbidden in our system, which is probably the reason for the 20 second timeout on downloads.
If I set
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0
the error is gone. Warnings and downloads work again and I don't see any failed connections from swi_fc or msedge. However, with Edge 105, the old library is no longer delivered. So this is not a permanent solution. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel#version-1020124550...
Allowing direct connections via port 443 also fixes the problem.
Does anyone have any ideas what I could do?
Aug 29 2022 06:27 AM
Sep 05 2022 05:08 AM - edited Sep 05 2022 05:22 AM
@Tinzou @PackerBacker @AndresPico
Today I updated my environment to 105.0.1343.27 and unfortunately it doesn't work anymore.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 1 / SmartScreen is not working.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0 / SmartScreen works
However, a downgrade to 104.0.1293.70 worked fine:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 1 / SmartScreen works.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled = 0 / SmartScreen works.
Can anyone confirm this?
Sep 06 2022 06:39 AM
Sep 06 2022 06:52 AM - edited Sep 06 2022 06:53 AM
through a proxy??
Sep 06 2022 09:30 AM
Hello Everyone - We have received an update from the team that the issue has been fixed with Stable 105.0.1343.25 and Extended Stable 104.0.1293.78, which had been released on September 1, 2022.
And the fix will be available by default on the first stable version of 106 and later.
Please update to the latest and let us know if you are still experiencing issues. Thanks!
-Kelly
Sep 06 2022 01:12 PM
Sep 06 2022 01:15 PM
Sep 06 2022 10:38 PM - edited Sep 06 2022 10:39 PM
Hello @Kelly_Y,
I did some further testing and found a difference between Windows 10 (21H1 in my case) and Server 2016:
Windows 10 21H1
Edge 105.0.1343.27
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / working
Edge 104.0.1293.78
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / working
Edge 104.0.1293.70
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / working
Edge 103.0.1264.49
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / NOT working
=======================================
Windows Server 2016
Edge 105.0.1343.27
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / NOT working
Edge 104.0.1293.78
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / NOT working
Edge 104.0.1293.70
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / working
Edge 103.0.1264.49
NewSmartScreenLibraryEnabled = 0 / working
NewSmartScreenLibraryEnabled = 1 / NOT working
May someone else can confirm?
Regards.
Sep 07 2022 11:33 AM
@Krinto1100 The issue should have been fixed with Stable v105.0.1343.25+ and Extended Stable 104.0.1293.78+. Are you reproducing the issue on Windows Server 2016 even after updating MS Edge and not configuring the NewSmartScreenLibraryEnabled policy, so using the new SmartScreen library?
-Kelly
Sep 07 2022 10:06 PM
Thanks for your quick response.
I can still reproduce the error when installing the latest version of Edge (105.0.1343.27) on a 2016 server.
The error occurs when NewSmartScreenLibraryEnabled = 1 or NewSmartScreenLibraryEnabled does not exist.
Furthermore, I just tested it on a Server 2016 outside the domain, the error occurs here as well.
The error always seems to occur when I use the new SmartScreen library and I am on a Server 2016.
Unfortunately I'm on vacation for the next 2,5 week, so I can't reply.
Sep 08 2022 05:46 AM - edited Sep 08 2022 05:47 AM
I opened a case with Microsoft.. this is the response
Thanks for prompting me to check on this once more today-what you’re hearing is correct. The issue has been fixed with Stable 105.0.1343.25 and Extended Stable 104.0.1293.78, and the fix will be available by default on the first stable version of 106 and later.
Sep 15 2022 02:55 PM
@Tinzou Yes, that is currently the plan. More information in the Release Notes: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-beta-channel#version-1060137015-s...
-Kelly
Sep 30 2022 02:56 AM
Today I tested 105.0.1343.53 on Server 2016 and it is still not working.
NewSmartScreenLibraryEnabled = 0 / shows warnings on https://demo.smartscreen.msft.net/
NewSmartScreenLibraryEnabled = 1 / didn't shows warnings on https://demo.smartscreen.msft.net/
Can anyone confirm this or does smartscreen on server 2016 work for you?
Kelly_Y are you still working on that or is it just me?
Sep 30 2022 04:24 AM
@Krinto1100
Hello
We had exactly the same issue in our environment. We did not realize that they were two different problems. But once this became clear, we examined the log files on the proxy server even more closely. It turns out that we are not allowed to authenticate users for the URL “smartscreen.microsoft.com”. Once the URL has been defined as an exception, SmartScreen (with the new library) is doing the job as expected. Perhaps this will give you a hint.
Regards
Oct 11 2022 10:02 PM
@Ricky_S thanks for your hint and sorry for my late response. My coworker was on vacation and I had much other things to do.
Did SmartScreen realy work for you on Server 2016 without HKLM\SOFTWARE\Policies\Microsoft\Edge\NewSmartScreenLibraryEnabled or NewSmartScreenLibraryEnabled = 1?
I can't get it to work. No way for me.
There are also no messages on our proxy.
For testing, I setup three systems (Win 10 21H2, Server 2016 and Server 2022):
- separate VLAN
- no domain
- Edge 106.0.1370.42
- Sophos AV
- Proxy (user and system) are in place
- Systems are up-to-date
Server 2022 and Windows 10 21H2 are working as expected, but Server 2016 doesn't. There are no warning when testing on demo.smartscreen.msft.net.
Sadly, with Edge 106.0.1370.34 the Policy NewSmartScreenLibraryEnabled got deprecated, so I have no way to make SmartScreen work on Server 2016 anymore.
Today is patch day but I have to stick with Edge 105 because of this issue.
If someone had an idea, please share.
Oct 13 2022 04:41 AM
Oct 13 2022 10:18 AM
@Krinto1100 Hello! I see that the team is aware of an issue affecting Server 2016 specifically and they were working on the fix. I reached out to them to get more information. Or like @Ricky_S mentioned you can open a Support request and they can investigate your specific scenario. Thanks!
-Kelly
Oct 13 2022 01:13 PM
@Krinto1100 Quick update from the team, they are experimenting with the fix. You can test it out using the latest MS Edge Canary channel with feature flag --enable-features=msSmartScreenUseEdgeNetworking. Let us know if that resolves your issue.
-Kelly
Oct 17 2022 01:16 AM
@Kelly_Y thank you very much!
I have installed and tested Edge Canary on different systems. Once -enable-features=msSmartScreenUseEdgeNetworking is used, the error no longer occurs and SmartScreen works.
Can the GPO NewSmartScreenLibraryEnabled please remain active until the error is fixed? Otherwise SmartScreen will not work on my RDS farm when 107 is released.
Oct 17 2022 01:57 PM
@Krinto1100 The latest information that I've heard from the team is the NewSmartScreenLibraryEnabled policy is deprecated but it will continue to work through v107, so you should not have any issues.
Also, they plan to release the -enable-features=msSmartScreenUseEdgeNetworking fix in v107.
Thanks!
-Kelly