Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Web content filtering and indicator aren't working on third party browser

Brass Contributor

Hi, we have just noticed that web content filtering and customized indicators are not working on third party browsers after upgraded defender for endpoint to 4.18.23050.3, the issue has happened to both Win10 and Win11 machines.

 

Has anyone else got the same issue?

72 Replies
Hi Spark,

Do you have network protection enabled in the configuration of MDE?

In order for it to function it requires:
- An active content filtering policy
- it works on Edge, Chrome, FireFox, Brave or Opera if the network protection feature is enabled in block mode with customer network indicators turned on in the portal.



Hi Louis, Yes, I'm sure that all settings are correct. (Enabled content filtering policy and network protection). The feature was working fine before upgrading to 4.18.23050.3, and once we have rolled back to the previous version (by using mpcmdrun /revertplatform), the WCF and indicator will be working again. A Microsoft support guy has re-produced and confirmed that issue from his testing environment as well. I'm looking for a hotfix or mitigation to this issue but I haven't found it. All our endpoints have been impacted now even we have set the defender upgrade channel to broad channel to them.
Yes, we have. I'm sure that all settings are correctly enabled.

The web content filtering and indicator feature worked fine before upgrading to v4.18.23050.3.

I've submitted a ticket to Microsoft support and the Support guy has re-produced the issue in his testing environment, but he haven't found a solution yet. He also doesn't suggest to do a downgrade to the Defender even the after downgrade the web content filtering would be working again.
as per my post I have seen this has stopped working since 31st May as described here.
content filtering policy applied (and works on the same systems via edge smartscreen), network protection enabled in block mode, all prereqs in place and it worked until 31st May.

This is a big concern !
Anyone had a response from MS yet? We are seeing the same. Just logged a ticket

just raised a Sev A on it.

Hotfix is being deployed from today. should be hitting most systems in the next few days. estimated 12th for wide deployment/availability
Any luck sorting this guys ?
from my support ticket you can rever the platform to the previous release (the broken one has apparently been marked to not re-update to) from an elevated command prompt:
“%programdata%\Microsoft\Windows Defender\Platform\4.18.23050.3\MpCmdRun.exe” -RevertPlatform

that said... on my test system that doesn't seem to have resolved it.
I can confirm that RevertPlatform isn't working on this issue.

Because MS has rolled out 4.18.23050 to the broad channel, so that even you have reverted to an old stable version, the MDE will automatically upgrade itself to the latest version soon.

Also you can't do a RevertPlatform on a new installed PC, as the previous release on the new installation is very old.

They should add switch for setting the target version.
I'm really need to get this hotfix to be deployed ASAP, MS should roll back the new version release if they can't make a Hotfix immediately, it's a big security risk to us.
I would suggest raising a sev A support ticket. They might be able to provide the binaries for the update to you for "testing" (i.e. test it on every single endpoint) ahead of wide rollout picking up. it is probably available on insider update channels today if you have any insider devices to swipe it from.
Thanks, I will raise my ticket to A support and check the insider channel.
Just got off of my SevA ticket call. Confirmed fix is being worked on, aiming for today, but cannot guarantee it at this time. New file version should be 4.18.23050.6

Revert command worked on my laptop (although the path was slightly different to posted above) and they are sure it will not auto update to the broken version. I guess we'll see.

Im UK so we are going to have to wait now until the morning and hopefully come in to a newly released version or else we are going to have to push a revert out to a couple of thousand laptops and get them all to reboot.

not nice.
I've received hotfix from beta channel today, the hotfix version is 4.18.23050.5.

AMEngineVersion : 1.1.23050.3
AMProductVersion : 4.18.23050.5
AMServiceVersion : 4.18.23050.5
AntispywareSignatureVersion : 1.391.905.0
AntivirusSignatureVersion : 1.391.905.0
FullScanSignatureVersion : 1.385.1482.0
NISEngineVersion : 1.1.23050.3
NISSignatureVersion : 1.391.905.0
QuickScanSignatureVersion : 1.391.851.0
Its still not working with Version 4.18.23050.5, but not just with the third party browsers, but not with the Edge.
We are seeing some clients begin updating to 4.18.23050.5, havnt tested those yet. However when asking MS for confirmation of the 'fixed' version this morning , they have stated 4.18.23050.6 is the fixed version........which is 'estimated' to release today.

Despite being told it was releasing for our tenant on Friday.

So still in the dark as to when this will be fixed. Currently blocking execution of all third party browsers to mitigate risk,

Hello, does anyone have information if they released the new update?@Spark Zhang 

Nothing yet :( Latest we had from our escalation support engineer was......no ETA

 

that was about 3 hours ago