SmartScreen turned off -> Java Webstart JNLP Files are marked as "can harm your computer"

Frequent Contributor

Edge v79 (stable) as well as Edge v80 (beta) mark a downloaded Java Webstart (JNLP) File as "can harm your computer" if SmartScreen is turned off. This is weird and seem to be a bug.


Here is a Demo-URL with a Demo-File
The JNLP-File itself is just an XML-File, you don't need to hava Java Runtime to be installed to see the Problem: 
Download [1] in the Screenshot is with Turned On "Windows Defender SmartScreen" and Download [2] is with Configured SmartScreen to be turned OFF (either in Settings or by GroupPolicy - doesn't matter, both show same result):



The old Legacy EdgeHTML Browser doesn't have this Bug, File can be downloaded with Smartscreen turned on or off - doesn't matter.


30 Replies

@Uaslam I have no Idea how you configured this policy to produce an edge://policy Screenshot showing two separate entries (two separate lines). The policy seems to be designed to configure one extension per entry allowing to address multiple domains per entry/extension. But even if I try to do it how I guess you did it (adding two policies for "eml" Extension) I cannot reproduce a screenshot like yours. As you made the interesting part unreadable I'm not able to help.


I suggest to start with this single line globally setting eml not to be harmful, if this works you can play arround to find out what's wrong with your domain-entries.





"1"="{\"domains\": [\"*\"], \"file_extension\": \"eml\"}"


@Gunnar Haslinger 

Hello everyone,


First of all, thank you very much for your contributions Unfortunately the solution doesn't work for me yet.


Maybe a mistake was included ... I would be very grateful for your help


Path in Registry: 





Thanks alot 



@Theo2424 your screenshot shows that your registry-Key is not formatted right.

My "regedit code sample" was not provided to be copied into regedit but in a .reg file to import in regedit, therefore escaping of the quotes is needed in .reg Files but not in regedit graphical Editor itself.


Compare with this working screenshot:



@Gunnar Haslinger 


Your advice on this thread has been very useful for me when testing this policy so thank you for that


Has anyone else had issues getting this to work when specifying a domain?  I am trying to solve an issue where smartscreen is by default blocking the downloading of msg files in Edge (Version: and the users have to override the warning by selecting keep each time.


If I use a wildcard for the domains it works correctly and the file downloads without the smartscreen prompt.


But if I want to lock this down to a specific domain, in this case our sharepoint, the file is blocked by smartscreen







The redacted link of the msg file


I have tried adding * before and after but no joy


I have replicated this behaviour with another domain as well.


Very puzzling






@Antony Paul your Policy-Screenshot shows a different domain than your link:


@Gunnar Haslinger 


Oh dear how embarrassing.  A rookie mistake.  I had been focused on the Onedrive URL and not even noticed they were different.:facepalm:


Thanks for pointing that out and it is now working as expected.  I suspect my issue with the other domain is similar!



@Gunnar Haslinger



It looks ok, i just removed the Domain from the screenshot. I also was in touch with Dell and asked them why Dell iDRAC 8 would work with this workaround and Dell iDrac 9 would not. They said it relies on the browser and as it works with 8 everything would be fine from their side. Since it only checks for the ending...
So there must be something wrong with Edge...
Support wouldn´t escalate it further up the chain.

Only difference i can see ist that the urls look diffrent:
DRAC 8 https://FQDN/index.html
DRAC 9 https://FQDN/restgui/index.html

The one with red x is the DRAC 9 and the other one DRAC 8


And in the file explorer you see the temporary file, when i select keep it works but shouldn´t it work in both since it checks domain and filextension only?



@PeDe You show us a Problem with JNLP (Java WebStart Files) but give us Links to html-Files, so that are not the URLs of the jnlp files but just html-File Links. Have a Look at the REAL URL of the jnlp Files and not the html-File which probably contains code to download jnlp 

DRAC 8 https://FQDN/index.html
DRAC 9 https://FQDN/restgui/index.html



@Gunnar Haslinger 


Has anyone got these files to open automatically rather than having to download/save/open?

@KamranB that's possible using the AutoOpenFileTypes and AutoOpenAllowedForURLs Policy.