CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.80.2.2 (L1) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for files' is set to 'Enabled' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unverified files.

The recommended state for this setting is: Enabled .

Rationale:

SmartScreen will warn an employee if a file is potentially malicious. Enabling this setting prevents these warnings frombeing bypassed.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter:P reventOverrideAppRepUnknown

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MicrosoftEdge.admx/adml that is included with the Microsoft Windows 10 Release 1511 Administrative Templates (or newer). Note #2: In the Microsoft Windows 10 Release 1511 Administrative Templates, this setting was initially named Don't allow SmartScreen Filter warning overrides for unverified files . In the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates, this setting was renamed to Prevent bypassing SmartScreen prompts for files . Finally, it was given its current name of Prevent bypassingWindows Defender SmartScreen prompts for files starting with the Windows 10 Release 1703 Administrative Templates.

1126 | P a g e