EDGE-00-000036 - Download restrictions must be configured.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Configure the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision.

Set 'BlockDangerousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings.

Set 'BlockPotentiallyDangerousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of potentially dangerous or unwanted downloads.

Set 'BlockAllDownloads' to block all downloads.

If this policy is not configured or the 'DefaultDownloadSecurity' option set, downloads go through the usual security restrictions based on Microsoft Defender SmartScreen analysis results.

Note that these restrictions apply to downloads from web page content, as well as the 'download link...' context menu option. These restrictions do not apply to saving or downloading the currently displayed page, nor do they apply to the 'Save as PDF' option from the printing options.

See https://go.microsoft.com/fwlink/?linkid=2094934 for more information on Microsoft Defender SmartScreen.

Policy options mapping:
- DefaultDownloadSecurity (0) = No special restrictions.
- BlockDangerousDownloads (1) = Block malicious downloads and dangerous file types.
- BlockPotentiallyDangerousDownloads (2) = Block potentially dangerous or unwanted downloads and dangerous file types.
- BlockAllDownloads (3) = Block all downloads.
- BlockMaliciousDownloads (4) = Block malicious downloads.

Solution

Set the policy value for 'Computer Configuration/Administrative Templates/Microsoft Edge/Allow download restrictions' to 'Enabled' and select 'BlockDangerousDownloads' or 'Block potentially dangerous or unwanted downloads'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Edge_V1R5_STIG.zip

Item Details

References: CAT|III, CCI|CCI-000381, Rule-ID|SV-235752r840165_rule, STIG-ID|EDGE-00-000036, Vuln-ID|V-235752

Plugin: Windows

Control ID: 988d01c270919f356703f6c5b6f69592eab9dbab193f515f6a1ec3419d9d9eec