Jan 20 2020 01:11 PM - edited Jan 20 2020 01:17 PM
Edge v79 (stable) as well as Edge v80 (beta) mark a downloaded Java Webstart (JNLP) File as "can harm your computer" if SmartScreen is turned off. This is weird and seem to be a bug.
Here is a Demo-URL with a Demo-File https://hitco.at/java-webstart-demo/
The JNLP-File itself is just an XML-File, you don't need to hava Java Runtime to be installed to see the Problem:
Download [1] in the Screenshot is with Turned On "Windows Defender SmartScreen" and Download [2] is with Configured SmartScreen to be turned OFF (either in Settings or by GroupPolicy - doesn't matter, both show same result):
The old Legacy EdgeHTML Browser doesn't have this Bug, File can be downloaded with Smartscreen turned on or off - doesn't matter.
Jan 31 2020 02:58 AM
Feb 02 2020 11:49 PM
@simhayn The issue is still there in Edge Dev Version 81.0.403.1
Turn off Smartscreen:
open Demo-URL and klick the Download Link: https://hitco.at/java-webstart-demo/
Feb 14 2020 05:48 AM
Yes , i am able to replicate the issue . Will check this.
Apr 17 2020 03:17 AM
@simha2020 Much appreciated. We have the same issue.
Apr 17 2020 04:08 AM
Jun 29 2020 04:42 AM
Jun 29 2020 05:00 AM
We tried to get this fixed by using Premier Support Services as well as AppAssure.
I have no idea why it takes so much time. My latest Status-Update on this is, that there will be a Policy in Edge v85 (or v86) to configure this behaviour. Our Support-Contact told us it will be something like "DownloadsAllowOverrides". Todays Canary Version 85.0.558.0 seems not to have this already implemented.
Jun 29 2020 05:23 AM
@Gunnar-Haslinger Thanks! Yes, there is a new policy introduced since v85 regarding this: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes
It's not exactly about trust/untrust file types but about auto-opening certain file types. I have not tested yet.
Jun 29 2020 05:33 AM
Yes , that policy is different .
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes
This policy to auto-opening of certain file types like .ica ..etc.
Earlier its use to prompt for download.
Regarding Jnlp its targeted for 85 as of now ( tentative) . Will update once we have any update on the same.
Jun 29 2020 05:37 AM
@stesch79 I saw AutoOpenFileTypes but after reading the description I'm pretty sure this is not what we are looking for.
Aug 12 2020 07:30 AM
SolutionStarting with Edge v85 (currently in beta) there is a new policy "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" available which solves this issue:
See Documentation:
I can confirm this works with
Edge Beta 85.0.564.30
Edge Dev 86.0.594.1
BUT be aware: The text in the documentation is correct, but the given Samples in the documentation are currently wrong!
Citing the Sample in the docs:
SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1
= {'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}
The single quotes in the examples are wrong, only double quotes are accepted and work! So this should be corrected to:
= {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}
To check my JNLP JavaWebStart Sample-Link https://hitco.at/java-webstart-demo/ successfully working, use following registry-Keys:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings] "1"="{\"domains\": [\"https://*.hitco.at\", \"https://hitco.at\"], \"file_extension\": \"jnlp\"}"
Aug 12 2020 04:25 PM
@Gunnar-Haslinger Thank you for finding the issue in the documentation! We will be working on a fix to update the examples.
Aug 12 2020 10:43 PM
@Kelly_Y
I already sent a Pull-Request to fix the examples yesterday: https://github.com/MicrosoftDocs/EdgeEnterprise/pull/166
Sep 09 2020 10:22 AM
@Gunnar-Haslinger The documentation has been updated to fix the typo in the examples (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptdomainfiletypepairsfromfil...)
Thanks again for letting us know!
-Kelly
Jun 21 2021 05:04 AM
Issue still exists in Version 91.0.864.41 (Official build) (64-bit) Workaround works for old Dell IDRACs but not for new DELL IDRAC 9
Even with the Registry set:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
1 = {"domains": ["ourdomain.de"], "file_extension": "jnlp"}
we also tried to exclude ".crdownload" because the downloaded temporary files were created in downloadfolder "Unconfirmed 339791.crdownload"
Any Ideas?
Jun 21 2021 06:49 AM - edited Jun 21 2021 06:53 AM
@PeDe I can confirm this Policy works as expected.
See my tested / working example above this post.
If your Registry-Export should show the contents of a .reg-File then there are Backslashes to escape all Quotation-Marks missing (see my sample).
you don't need to exclude ".crdownload", just "jnlp" without leading dot.
Maybe you like to show us a screenshot of your edge://policy/ to check if the policy is really formatted correctly.
Jul 02 2021 09:23 AM
I have tried the steps you described in your post, but unfortunately it is not working for us. The GPO and registry key are correct and are identical to your post.
I turned off the Microsoft Defender SmartScreen on Edge, but that made no difference.
We are running Edge Version 91.0.864.64 and Chrome Version 91.0.4472.124.
Any help will be greatly appreciated.
Jul 02 2021 12:03 PM
@Uaslam maybe you like to describe your scenario in more detail and provide a screenshot of the relevant edge://policy/ settings to check in detail what you configured and why it is not working as you expected.
Jul 02 2021 02:28 PM
Each time a user reply, reply all or Forward an email in the email pane in Dynamics 365, see below:
They get the following download message 'xyz.eml was blocked because this type of file can harm your device'.
I have made the changed to the settings as per your post, but that has made no difference. See the screenshot below for the edge://policy/
I can reproduce the same problem on Chrome too.
Thanks
Aug 12 2020 07:30 AM
SolutionStarting with Edge v85 (currently in beta) there is a new policy "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" available which solves this issue:
See Documentation:
I can confirm this works with
Edge Beta 85.0.564.30
Edge Dev 86.0.594.1
BUT be aware: The text in the documentation is correct, but the given Samples in the documentation are currently wrong!
Citing the Sample in the docs:
SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1
= {'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}
The single quotes in the examples are wrong, only double quotes are accepted and work! So this should be corrected to:
= {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}
To check my JNLP JavaWebStart Sample-Link https://hitco.at/java-webstart-demo/ successfully working, use following registry-Keys:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings] "1"="{\"domains\": [\"https://*.hitco.at\", \"https://hitco.at\"], \"file_extension\": \"jnlp\"}"