1.20.4 Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting controls whether Microsoft Defender SmartScreen can check if downloads have been retrieved from a trusted source.

The recommended state for this setting is Enabled.

Rationale:

Windows Defender SmartScreen can verify that downloads are from a trusted source will can greatly reduce the chances of a user downloading an infected package to their machine.

Impact:

None - this is the default behavior.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Force Microsoft Defender SmartScreen checks on downloads from trusted sources

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled. (The user can change this setting.)

See Also

https://workbench.cisecurity.org/files/4094