SOLVED

SmartScreen turned off -> Java Webstart JNLP Files are marked as "can harm your computer"

Steel Contributor

Edge v79 (stable) as well as Edge v80 (beta) mark a downloaded Java Webstart (JNLP) File as "can harm your computer" if SmartScreen is turned off. This is weird and seem to be a bug.

 

Here is a Demo-URL with a Demo-File https://hitco.at/java-webstart-demo/
The JNLP-File itself is just an XML-File, you don't need to hava Java Runtime to be installed to see the Problem: 
Download [1] in the Screenshot is with Turned On "Windows Defender SmartScreen" and Download [2] is with Configured SmartScreen to be turned OFF (either in Settings or by GroupPolicy - doesn't matter, both show same result):

clipboard_image_0.png

 

The old Legacy EdgeHTML Browser doesn't have this Bug, File can be downloaded with Smartscreen turned on or off - doesn't matter.

 

32 Replies

@Gunnar-Haslinger 

I dont see this issue in Edge Dev latest build 81.0.403.1.

 

@simhayn The issue is still there in Edge Dev Version 81.0.403.1

 

clipboard_image_1.png

 

Turn off Smartscreen:

clipboard_image_0.png

open Demo-URL and klick the Download Link: https://hitco.at/java-webstart-demo/

clipboard_image_2.png

Yes , i am able to replicate the issue . Will check this.

We have received couple of feedback on the same, looking Into this . This might take some to get back.

@stesch79 

 

We tried to get this fixed by using Premier Support Services as well as AppAssure. 

I have no idea why it takes so much time. My latest Status-Update on this is, that there will be a Policy in Edge v85 (or v86) to configure this behaviour. Our Support-Contact told us it will be something like "DownloadsAllowOverrides". Todays Canary Version 85.0.558.0 seems not to have this already implemented.

@Gunnar-Haslinger  Thanks! Yes, there is a new policy introduced since v85 regarding this: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes

It's not exactly about trust/untrust file types but about auto-opening certain file types. I have not tested yet. 

@stesch79 ;@Gunnar Haslinger

Yes , that policy is different .  

https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes

This policy to auto-opening of certain file types like .ica ..etc.

 

Earlier its use to prompt for download.

Regarding Jnlp  its targeted for 85 as of now ( tentative) . Will update once we have any update on the same.

@stesch79 I saw AutoOpenFileTypes but after reading the description I'm pretty sure this is not what we are looking for.

best response confirmed by Gunnar-Haslinger (Steel Contributor)
Solution

Starting with Edge v85 (currently in beta) there is a new policy "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" available which solves this issue:

 

See Documentation:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...

 

I can confirm this works with
Edge Beta 85.0.564.30
Edge Dev 86.0.594.1

BUT be aware: The text in the documentation is correct, but the given Samples in the documentation are currently wrong!

Citing the Sample in the docs:

SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1
= {'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}


The single quotes in the examples are wrong, only double quotes are accepted and work! So this should be corrected to:
= {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}

 

To check my JNLP JavaWebStart Sample-Link https://hitco.at/java-webstart-demo/ successfully working, use following registry-Keys:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings]
"1"="{\"domains\": [\"https://*.hitco.at\", \"https://hitco.at\"], \"file_extension\": \"jnlp\"}"

 

@Gunnar-Haslinger Thank you for finding the issue in the documentation!  We will be working on a fix to update the examples.  

@Gunnar-Haslinger The documentation has been updated to fix the typo in the examples (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...)  

 

Thanks again for letting us know! 

 

-Kelly

Issue still exists in Version 91.0.864.41 (Official build) (64-bit) Workaround works for old Dell IDRACs but not for new DELL IDRAC 9

Even with the Registry set:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
1 = {"domains": ["ourdomain.de"], "file_extension": "jnlp"}

we also tried to exclude ".crdownload" because the downloaded temporary files were created in downloadfolder "Unconfirmed 339791.crdownload"

 

Any Ideas?

@PeDe I can confirm this Policy works as expected.

 

See my tested / working example above this post.

 

If your Registry-Export should show the contents of a .reg-File then there are Backslashes to escape all Quotation-Marks missing (see my sample). 

 

you don't need to exclude ".crdownload", just "jnlp" without leading dot.

 

Maybe you like to show us a screenshot of your edge://policy/ to check if the policy is really formatted correctly.

 

 

@Gunnar-Haslinger 

I have tried the steps you described in your post, but unfortunately it is not working for us. The GPO and registry key are correct and are identical to your post. 

I turned off the Microsoft Defender SmartScreen on Edge, but that made no difference. 

 

We are running Edge Version 91.0.864.64 and Chrome Version 91.0.4472.124.


Any help will be greatly appreciated. 

 


@Uaslam maybe you like to describe your scenario in more detail and provide a screenshot of the relevant edge://policy/ settings to check in detail what you configured and why it is not working as you expected.

@Gunnar-Haslinger 

Each time a user reply, reply all or Forward an email in the email pane in Dynamics 365, see below: 

Capture2.JPG

They get the following download message 'xyz.eml was blocked because this type of file can harm your device'.

 

I have made the changed to the settings as per your post, but that has made no difference. See the screenshot below for the edge://policy/

 

Capture.JPG


I can reproduce the same problem on Chrome too. 

 

Thanks 

1 best response

Accepted Solutions
best response confirmed by Gunnar-Haslinger (Steel Contributor)
Solution

Starting with Edge v85 (currently in beta) there is a new policy "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" available which solves this issue:

 

See Documentation:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...

 

I can confirm this works with
Edge Beta 85.0.564.30
Edge Dev 86.0.594.1

BUT be aware: The text in the documentation is correct, but the given Samples in the documentation are currently wrong!

Citing the Sample in the docs:

SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1
= {'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}


The single quotes in the examples are wrong, only double quotes are accepted and work! So this should be corrected to:
= {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}

 

To check my JNLP JavaWebStart Sample-Link https://hitco.at/java-webstart-demo/ successfully working, use following registry-Keys:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings]
"1"="{\"domains\": [\"https://*.hitco.at\", \"https://hitco.at\"], \"file_extension\": \"jnlp\"}"

 

View solution in original post