"SmartScreen for Microsoft Edge is off"

  • Question

  • Today after performing a quick anti-virus scan, Windows Security popped a warning that my Edge is not operating SmartScreen.

    But, it is on. In fact it's configured from our Intune MDM configuration profiles. Both Edge settings and [App & browser control] settings show them to be on, and expectedly greyed out by enforcement from MDM.

    Where is this component reading up info that it's switched off?


    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral


    • Edited by icelava Friday, May 15, 2020 8:23 AM spelling
    Thursday, May 14, 2020 6:23 AM

All replies

  • Hi, 

    Does the issue occur on other computers which were reconfigured by the same MDM? We should restart the computer after applying configuration through the domain side.

    There are three items under apps&application; please leave them all as ON.

    We also recommend checking SmartScreen with the following measures.

    Through Group Policy:

    Computer Configuration/Administrative Templates/Windows Components/Windows Defender SmartScreen/Microsoft Edge

    Configure Windows Defender SmartScreen Filter=enable

    Through registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
    EnableSmartScreen=1

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
    EnabledV9=1

    If you changed one of those, try rebooting the computer to apply them and check the issue again.


    " Please note that new questions regarding ‘Windows 10 Installation, Setup, and Deployment’ could NOT be posted in this forum anymore. This thread could be followed up until Mar-30th. We will be moving your thread to Microsoft Q&A if the deadline is missed. Register our new platform Microsoft Q&A (Preview)! for new questions or discussion. Check more details on sticky post.

    Friday, May 15, 2020 6:54 AM
    Moderator
  • Well, no other colleague has complained about such security warnings yet (or did not notice); now that we're all working remotely I can't conveniently walk over to check.

    We're not using traditional AD so Group Policy is not our mechanism for policy delivery. Ours is Azure AD with Intune MDM.

    https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-smartscreen-settings

    targeting Policy CSP SmartScreen/EnableSmartScreenInShell (Windows level)

    and Intune administrative template for Computer Configuration > Microsoft Edge > SmartScreen settings (for Edge level)

    They're all successfully pushed to our enrolled computers.

    I have noticed that directives from MDM to Windows CSPs and Policy CSPs don't show up when I open the Local Group Policy Editor - they're always indicated as "Not configured". Guess the editor does not directly read values in Registry.

    Registry does not show the existence of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreen or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\ as a whole.

    I don't know why those values are not present in my computer. The Edge settings UI and Windows Security App & browser control UI clearly show they're switched on and greyed out to prevent switching off.

    The Windows MDM UI also indicates SmartScreen policies applied.

    Besides, Edge works expectedly against https://demo.smartscreen.msft.net/


    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral



    • Edited by icelava Friday, May 15, 2020 9:08 AM
    Friday, May 15, 2020 8:57 AM
  • Ok I found my copy of Windows has the Registry values pathed to

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\SmartScreenEnabled
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\SmartScreenForTrustedDownloadsEnabled
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\SmartScreenPuaEnabled

    and they rightfully have been set to 1.

    Guessing Windows Security has not been updated and still expects the old path?

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge

    Similarly I also found that the Windows Defender Policy CSP defines (via Windowsdefender.admx) Registry path to

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan

    https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupquickscan

    when in reality the values are parked to

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager

    Is it me or is Windows in the midst of some sort of Registry re-organisation while the documentation can't keep up?


    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral

    Monday, May 18, 2020 3:10 PM
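
A read-only check for the mismatch discussed in the posts above, as an added example that is not part of the original thread: it reports which of the SmartScreen policy values named by the moderator (legacy locations) and by icelava (`Policies\Microsoft\Edge`) exist on the local machine. The `Source` labels and the summary message are this example's own; every registry path and value name is taken from the thread.

```powershell
# Added example (not from the thread): list the SmartScreen policy values
# named in this thread and show which ones exist locally. Nothing is modified.
$checks = @(
    # Locations given in the moderator's reply (Group Policy / legacy Edge)
    @{ Source = 'legacy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';                Name = 'EnableSmartScreen' },
    @{ Source = 'legacy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter'; Name = 'EnabledV9' },
    # Locations icelava found populated on the MDM-managed machine
    @{ Source = 'edge';   Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenEnabled' },
    @{ Source = 'edge';   Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenForTrustedDownloadsEnabled' },
    @{ Source = 'edge';   Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenPuaEnabled' }
)

$report = foreach ($c in $checks) {
    $state = 'key missing'
    $value = $null
    if (Test-Path -LiteralPath $c.Path) {
        # A missing value under an existing key yields $null with SilentlyContinue
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $state = 'present'
            $value = $item.($c.Name)
        } else {
            $state = 'value missing'
        }
    }
    [pscustomobject]@{
        Source = $c.Source
        Path   = $c.Path
        Name   = $c.Name
        State  = $state
        Value  = $value
    }
}

$report | Format-Table -AutoSize

# Summarise the situation described in the thread: policy delivered under
# Policies\Microsoft\Edge while the legacy locations hold nothing.
$legacyPresent = $report | Where-Object { $_.Source -eq 'legacy' -and $_.State -eq 'present' }
$edgePresent   = $report | Where-Object { $_.Source -eq 'edge'   -and $_.State -eq 'present' }
if (-not $legacyPresent -and $edgePresent) {
    Write-Output 'SmartScreen policy exists only under Policies\Microsoft\Edge; the legacy locations are empty.'
}
```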
  • Hi icelava, 

    Thank you for your reply. 

    I will research your issue and reply to you after I get any information.

    Thank you for your patience. 

    Bests, 


    Tuesday, May 19, 2020 9:29 AM
    Moderator
  • Hi icelava, 

    Considering you are using Azure AD and MDM, we recommend creating a thread in AAD support on the Q&A forum.

    They should be more familiar with your environment and policy, and should have more related information for you. However, our side is only familiar with legacy AD and GP, which is not a fit for you, as you said.

    Thank you for your understanding. 

    Bests, 


    Wednesday, May 20, 2020 9:00 AM
    Moderator
  • Hi icelava, 

    Considering you are using Azure AD and MDM, we recommend creating a thread in AAD support on the Q&A forum.

    They should be more familiar with your environment and policy, and should have more related information for you. However, our side is only familiar with legacy AD and GP, which is not a fit for you, as you said.

    Thank you for your understanding. 

    Bests, 


    The forum engine there is still pretty immature and buggy. Not a lot of community participation.

    https://docs.microsoft.com/en-us/answers/questions/28232/smartscreen-for-microsoft-edge-is-off-but-its-not.html


    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral

    Wednesday, May 20, 2020 10:40 AM