SOLVED

SmartScreen turned off -> Java Webstart JNLP Files are marked as "can harm your computer"

Steel Contributor

Edge v79 (stable) as well as Edge v80 (beta) mark a downloaded Java Webstart (JNLP) File as "can harm your computer" if SmartScreen is turned off. This is weird and seem to be a bug.

 

Here is a Demo-URL with a Demo-File https://hitco.at/java-webstart-demo/
The JNLP-File itself is just an XML-File, you don't need to hava Java Runtime to be installed to see the Problem: 
Download [1] in the Screenshot is with Turned On "Windows Defender SmartScreen" and Download [2] is with Configured SmartScreen to be turned OFF (either in Settings or by GroupPolicy - doesn't matter, both show same result):

clipboard_image_0.png

 

The old Legacy EdgeHTML Browser doesn't have this Bug, File can be downloaded with Smartscreen turned on or off - doesn't matter.

 

32 Replies

@Gunnar Haslinger 

I dont see this issue in Edge Dev latest build 81.0.403.1.

 

@simhayn The issue is still there in Edge Dev Version 81.0.403.1

 

clipboard_image_1.png

 

Turn off Smartscreen:

clipboard_image_0.png

open Demo-URL and klick the Download Link: https://hitco.at/java-webstart-demo/

clipboard_image_2.png

Yes , i am able to replicate the issue . Will check this.

We have received couple of feedback on the same, looking Into this . This might take some to get back.

@stesch79 

 

We tried to get this fixed by using Premier Support Services as well as AppAssure. 

I have no idea why it takes so much time. My latest Status-Update on this is, that there will be a Policy in Edge v85 (or v86) to configure this behaviour. Our Support-Contact told us it will be something like "DownloadsAllowOverrides". Todays Canary Version 85.0.558.0 seems not to have this already implemented.

@Gunnar Haslinger  Thanks! Yes, there is a new policy introduced since v85 regarding this: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes

It's not exactly about trust/untrust file types but about auto-opening certain file types. I have not tested yet. 

@stesch79 ;@Gunnar Haslinger

Yes , that policy is different .  

https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes

This policy to auto-opening of certain file types like .ica ..etc.

 

Earlier its use to prompt for download.

Regarding Jnlp  its targeted for 85 as of now ( tentative) . Will update once we have any update on the same.

@stesch79 I saw AutoOpenFileTypes but after reading the description I'm pretty sure this is not what we are looking for.

best response confirmed by Gunnar Haslinger (Steel Contributor)
Solution

Starting with Edge v85 (currently in beta) there is a new policy "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" available which solves this issue:

 

See Documentation:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...

 

I can confirm this works with
Edge Beta 85.0.564.30
Edge Dev 86.0.594.1

BUT be aware: The text in the documentation is correct, but the given Samples in the documentation are currently wrong!

Citing the Sample in the docs:

SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1
= {'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}


The single quotes in the examples are wrong, only double quotes are accepted and work! So this should be corrected to:
= {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}

 

To check my JNLP JavaWebStart Sample-Link https://hitco.at/java-webstart-demo/ successfully working, use following registry-Keys:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings]
"1"="{\"domains\": [\"https://*.hitco.at\", \"https://hitco.at\"], \"file_extension\": \"jnlp\"}"

 

@Gunnar Haslinger Thank you for finding the issue in the documentation!  We will be working on a fix to update the examples.  

@Gunnar Haslinger The documentation has been updated to fix the typo in the examples (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...)  

 

Thanks again for letting us know! 

 

-Kelly

Issue still exists in Version 91.0.864.41 (Official build) (64-bit) Workaround works for old Dell IDRACs but not for new DELL IDRAC 9

Even with the Registry set:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
1 = {"domains": ["ourdomain.de"], "file_extension": "jnlp"}

we also tried to exclude ".crdownload" because the downloaded temporary files were created in downloadfolder "Unconfirmed 339791.crdownload"

 

Any Ideas?

@PeDe I can confirm this Policy works as expected.

 

See my tested / working example above this post.

 

If your Registry-Export should show the contents of a .reg-File then there are Backslashes to escape all Quotation-Marks missing (see my sample). 

 

you don't need to exclude ".crdownload", just "jnlp" without leading dot.

 

Maybe you like to show us a screenshot of your edge://policy/ to check if the policy is really formatted correctly.

 

 

@Gunnar Haslinger 

I have tried the steps you described in your post, but unfortunately it is not working for us. The GPO and registry key are correct and are identical to your post. 

I turned off the Microsoft Defender SmartScreen on Edge, but that made no difference. 

 

We are running Edge Version 91.0.864.64 and Chrome Version 91.0.4472.124.


Any help will be greatly appreciated. 

 


@Uaslam maybe you like to describe your scenario in more detail and provide a screenshot of the relevant edge://policy/ settings to check in detail what you configured and why it is not working as you expected.

@Gunnar Haslinger 

Each time a user reply, reply all or Forward an email in the email pane in Dynamics 365, see below: 

Capture2.JPG

They get the following download message 'xyz.eml was blocked because this type of file can harm your device'.

 

I have made the changed to the settings as per your post, but that has made no difference. See the screenshot below for the edge://policy/

 

Capture.JPG


I can reproduce the same problem on Chrome too. 

 

Thanks 

1 best response

Accepted Solutions
best response confirmed by Gunnar Haslinger (Steel Contributor)
Solution

Starting with Edge v85 (currently in beta) there is a new policy "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" available which solves this issue:

 

See Documentation:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...

 

I can confirm this works with
Edge Beta 85.0.564.30
Edge Dev 86.0.594.1

BUT be aware: The text in the documentation is correct, but the given Samples in the documentation are currently wrong!

Citing the Sample in the docs:

SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1
= {'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}


The single quotes in the examples are wrong, only double quotes are accepted and work! So this should be corrected to:
= {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}

 

To check my JNLP JavaWebStart Sample-Link https://hitco.at/java-webstart-demo/ successfully working, use following registry-Keys:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings]
"1"="{\"domains\": [\"https://*.hitco.at\", \"https://hitco.at\"], \"file_extension\": \"jnlp\"}"

 

View solution in original post