18.9.85.2.2 Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

This setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites.

The recommended state for this setting is: Enabled.

Rationale:

SmartScreen will warn an employee if a website is potentially malicious. Enabling this setting prevents these warnings from being bypassed.

Impact:

Employees will not be able to ignore SmartScreen Filter warnings, and they will be blocked from going to potentially malicious websites that SmartScreen detects.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MicrosoftEdge.admx/adml that is included with the Microsoft Windows 10 Release 1511 Administrative Templates (or newer).

Note #2: In the Microsoft Windows 10 Release 1511 Administrative Templates, this setting was initially named 'Don't allow SmartScreen Filter warning overrides'. In the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates, this setting was renamed to 'Prevent bypassing SmartScreen prompts for sites'. Finally, it was given its current name of 'Prevent bypassing Windows Defender SmartScreen prompts for sites' starting with the Windows 10 Release 1703 Administrative Templates.

Default Value:

Disabled. (Employees will be able to ignore SmartScreen Filter warnings about potentially malicious websites and continue to the site.)

See Also

https://workbench.cisecurity.org/files/3719