mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 11:23:45 +00:00
Updated content based on tech review
This commit is contained in:
LizRoss
@ -16,19 +16,32 @@ localizationpriority: high
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
|
||||
Windows Defender SmartScreen works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings.
|
||||
Windows Defender SmartScreen works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
|
||||
|
||||
## How SmartScreen works when an employee tries to run an app
|
||||
Windows Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, SmartScreen can warn the employee or block the app from running entirely, depending on how you've configured the feature to run in your organization.
|
||||
By default, your employees can bypass SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block employees from using unrecognized apps, or to entirely turn off Windows Defender SmartScreen (not recommended).
|
||||
|
||||
### How employees can report websites as safe or unsafe
|
||||
You can configure Windows Defender SmartScreen to warn employees from going to a potentially dangerous site. Employees can then choose to report a website as safe from the warning message or as unsafe from within Microsoft Edge and Internet Explorer 11.
|
||||
|
||||
**To report a website as safe from the warning message**
|
||||
- On the warning screen for the site, click **More Information**, and then click **Report that this site does not contain threats**. The site info is sent to the Microsoft feedback site, which provides further instructions.
|
||||
|
||||
**To report a website as unsafe from Microsoft Edge**
|
||||
- If a site seems potentially dangerous, employees can report it to Microsoft by clicking **More (...)**, clicking **Send feedback**, and then clicking **Report unsafe site**.
|
||||
|
||||
**To report a website as unsafe from Internet Explorer 11**
|
||||
- If a site seems potentially dangerous, employees can report it to Microsoft by clicking on the **Tools** menu, clicking **Windows Defender SmartScreen**, and then clicking **Report unsafe website**.
|
||||
|
||||
## Group Policy settings
|
||||
Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
|
||||
|
||||
>[!Note]
|
||||
>To apply your Group Policy setting to all users of a computer, you should use the setting in the Computer Configuration policy. To apply your Group Policy setting to specific users, you should use the setting in the User Configuration policy. For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
|
||||
SmartScreen uses registry-based Administrative Template policy settings. To apply your Group Policy setting to all users of a computer, you should use the setting in the Computer Configuration policy. To apply your Group Policy setting to specific users, you should use the setting in the User Configuration policy. For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<th>Setting</th>
|
||||
<th>Supported on</th>
|
||||
<th>Description</th>
|
||||
<th align="left">Setting</th>
|
||||
<th align="left">Supported on</th>
|
||||
<th align="left">Description</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen</td>
|
||||
@ -56,17 +69,17 @@ Group Policy objects (GPO's) can include registry-based Administrative Template
|
||||
<td>This policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious sites.<p>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<p>If you disable or don't configure this setting (default), your employees can bypass the warnings and continue to visit a potentially malicious site.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter</td>
|
||||
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter</td>
|
||||
<td>Windows 10</td>
|
||||
<td>This policy setting prevents the employee from managing SmartScreen Filter.<p>If you enable this policy setting, the employee isn't prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting (default), the employee is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings</td>
|
||||
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings</td>
|
||||
<td>Windows 10</td>
|
||||
<td>This policy setting determines whether an employee can bypass warnings from SmartScreen Filter.<p>If you enable this policy setting, SmartScreen Filter warnings block the employee.<p>If you disable or don't configure this policy setting (default), the employee can bypass SmartScreen Filter warnings.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet</td>
|
||||
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet</td>
|
||||
<td>Windows 10</td>
|
||||
<td>This policy setting determines whether the employee can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, SmartScreen Filter warnings block the employee.<p>If you disable or don't configure this policy setting (default), the employee can bypass SmartScreen Filter warnings.</td>
|
||||
</tr>
|
||||
@ -77,9 +90,9 @@ If you manage your policies using Microsoft Intune, you'll want to use these MDM
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<th>Setting</th>
|
||||
<th>Supported versions</th>
|
||||
<th>Details</th>
|
||||
<th align="left">Setting</th>
|
||||
<th align="left">Supported versions</th>
|
||||
<th align="left">Details</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>AllowSmartScreen</td>
|
||||
@ -162,51 +175,51 @@ To better help you protect your organization, we recommend turning on and using
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<th>Group Policy setting</th>
|
||||
<th>Recommendation</th>
|
||||
<th align="left">Group Policy setting</th>
|
||||
<th align="left">Recommendation</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen</td>
|
||||
<td>Enable.<br>Turns on Windows Defender SmartScreen.</td>
|
||||
<td><strong>Enable.</strong> Turns on Windows Defender SmartScreen.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites</td>
|
||||
<td>Enable.<br>Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
|
||||
<td><strong>Enable.</strong> Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files</td>
|
||||
<td>Enable.<br>Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
|
||||
<td><strong>Enable.</strong> Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen</td>
|
||||
<td>Enable with the Warn and prevent bypass option.<br>Stops employees from ignoring warning messages about malicious files downloaded from the Internet.</td>
|
||||
<td><strong>Enable with the Warn and prevent bypass option.</strong> Stops employees from ignoring warning messages about malicious files downloaded from the Internet.</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p>
|
||||
<table>
|
||||
<tr>
|
||||
<th>MDM setting</th>
|
||||
<th>Recommendation</th>
|
||||
<th align="left">MDM setting</th>
|
||||
<th align="left">Recommendation</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Browser/AllowSmartScreen</td>
|
||||
<td>1.<br>Turns on Windows Defender SmartScreen.</td>
|
||||
<td><strong>1.</strong> Turns on Windows Defender SmartScreen.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Browser/PreventSmartScreenPromptOverride</td>
|
||||
<td>1.<br>Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
|
||||
<td><strong>1.</strong> Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Browser/PreventSmartScreenPromptOverrideForFiles</td>
|
||||
<td>1.<br>Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
|
||||
<td><strong>1.</strong> Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>SmartScreen/EnableSmartScreenInShell</td>
|
||||
<td>1. Turns on Windows Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
|
||||
<td><strong>1.</strong> Turns on Windows Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>SmartScreen/PreventOverrideForFilesInShell</td>
|
||||
<td>1.<br>Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<p>Requires at least Windows 10, version 1703.</td>
|
||||
<td><strong>1.</strong> Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<p>Requires at least Windows 10, version 1703.</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
@ -16,60 +16,42 @@ localizationpriority: high
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
|
||||
Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
|
||||
Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files.
|
||||
|
||||
SmartScreen determines whether a site is potentially malicious by:
|
||||
>[!NOTE]
|
||||
>SmartScreen completely blocks apps from the Internet from running on Windows 10 Mobile.
|
||||
|
||||
**In Microsoft Edge and Internet Explorer**
|
||||
**SmartScreen determines whether a site is potentially malicious by:**
|
||||
|
||||
- Analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page,advising caution.
|
||||
- Analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page, advising caution.
|
||||
|
||||
- Checking the vistied sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
|
||||
**In Microsoft Edge, Internet Explorer, and 3rd-party browsers**
|
||||
**SmartScreen determines whether a downloaded app or app installer is potentially malicious by**
|
||||
|
||||
- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
|
||||
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
|
||||
|
||||
>[!NOTE]
|
||||
>Before Windows 10, version 1703 this feature was called the SmartScreen when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
>Before Windows 10, version 1703 this feature was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
|
||||
## Benefits of Windows Defender SmartScreen
|
||||
Windows Defender SmartScreen helps to provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
|
||||
|
||||
- **Anti-phishing and anti-malware support.** SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks don't typically require any interaction, there's nothing to click, nothing to download, the infection is often invisible. For more info about drive-by attacks, see [Evolving Microsoft SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
|
||||
- **Anti-phishing and anti-malware support.** SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Microsoft SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
|
||||
|
||||
- **Reputation-based URL and app protection.** SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate have an established reputation, your employees won't see any warnings. If however there's no reputation, the item is marked as a higher risk and presents a warning to the employee.
|
||||
- **Reputation-based URL and app protection.** SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, your employees won't see any warnings. If however there's no reputation, the item is marked as a higher risk and presents a warning to the employee.
|
||||
|
||||
- **Operating system integration.** Windows Defender SmartScreen is integrated into the Windows 10 operating system, helping to protect your employees from running suspicious downloads, regardless of the browser being used or the path used by the app to get to the device (for example, email, or a USB flash drive).
|
||||
- **Operating system integration.** SmartScreen is integrated into the Windows 10 operating system, meaning that it checks all files an app (including 3rd-party browsers and email clients) attempts to download and run.
|
||||
|
||||
- **Improved heuristics and telemetry.** Improvements to SmartScreen's heuristics and telemetry help to more quickly identify and warn your employees about malicious sites.
|
||||
- **Improved heuristics and telemetry.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help protect you against potentially malicious sites and files.
|
||||
|
||||
- **Management through Group Policy and Microsoft Intune.** SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all of the available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md).
|
||||
|
||||
## How SmartScreen works when an employee tries to run an app
|
||||
Windows Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, SmartScreen can warn the employee or block the app from running entirely, depending on how you've configured the feature to run in your organization.
|
||||
By default, your employees can bypass SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block employees from using unrecognized apps, or to entirely turn off Windows Defender SmartScreen (not recommended).
|
||||
|
||||
### How employees can report websites as safe or unsafe
|
||||
You can configure Windows Defender SmartScreen to warn employees from going to a potentially dangerous site. Employees can then choose to report a website as safe from the warning message or as unsafe from within Microsoft Edge and Internet Explorer 11.
|
||||
|
||||
**To report a website as safe from the warning message**
|
||||
- On the warning screen for the site, click **More Information**, and then click **Report that this site does not contain threats**. The site info is sent to the Microsoft feedback site, which provides further instructions.
|
||||
|
||||
**To report a website as unsafe from Microsoft Edge**
|
||||
- If a site seems potentially dangerous, employees can report it to Microsoft by clicking **More (...)**, clicking **Send feedback**, and then clicking **Report unsafe site**.
|
||||
|
||||
**To report a website as unsafe from Internet Explorer 11**
|
||||
- If a site seems potentially dangerous, employees can report it to Microsoft by clicking on the **Tools** menu, clicking **Windows Defender SmartScreen**, and then clicking **Report unsafe website**.
|
||||
|
||||
## Viewing Windows Defender SmartScreen anti-phishing events
|
||||
When Windows Defender SmartScreen warns or blocks an employee from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/en-us/scriptcenter/dd565657(v=msdn.10).aspx).
|
||||
|
||||
## Windows Defender SmartScreen on Windows Mobile
|
||||
Windows Defender SmartScreen on Windows Mobile helps to provide anti-phishing protection. If SmartScreen detects malicious content on a site, it can block the site itself or in some cases just specific content on the page. Also available for Internet Explorer 11 on Windows Mobile, is the SmartScreen URL reputation filter, which blocks or warns your employees about suspicious or potentially malicious websites.
|
||||
|
||||
## Related topics
|
||||
- [SmartScreen Frequently Asked Questions (FAQ)](https://support.microsoft.com/en-us/products/windows?os=windows-10)
|
||||
|
||||
|
||||
@ -17,16 +17,43 @@ localizationpriority: high
|
||||
- Windows 10 Mobile
|
||||
|
||||
|
||||
Starting with Windows 10, version 1703 you can use Windows Defender Security Center to set up Windows Defender SmartScreen for an individual device, unless you've used Group Policy or Microsoft Intune to prevent it.
|
||||
Starting with Windows 10, version 1703 your employees can use Windows Defender Security Center to set up Windows Defender SmartScreen for an individual device, unless you've used Group Policy or Microsoft Intune to prevent it.
|
||||
|
||||
>[!NOTE]
|
||||
>If any of the following settings are managed through Group Policy or mobile device management (MDM) settings, it appears as unavailable to the employee.
|
||||
|
||||
**To use Windows Defender Security Center to set up Windows Defender SmartScreen on a device**
|
||||
1. Open the Windows Defender Security Center app, and then click **App & browser control**.
|
||||
|
||||
|
||||
|
||||
2. In the **App & browser control** screen, click **Block**, **Warn**, or **Off** for apps and files, for protection while using Microsoft Edge, and for Windows Store apps.
|
||||
2. In the **App & browser control** screen, choose from the following options:
|
||||
|
||||
|
||||
- In the **Check apps and files** area:
|
||||
|
||||
- **Block.** Stops employees from downloading and running unrecognized apps and files from the web.
|
||||
|
||||
- **Warn.** Warns employees that the apps and files being downloaded from the web are potentially dangerous, but allows the action to continue.
|
||||
|
||||
- **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files.
|
||||
|
||||
- In the **SmartScreen for Microsoft Edge** area:
|
||||
|
||||
- **Block.** Stops employees from downloading and running unrecognized apps and files from the web, while using Microsoft Edge.
|
||||
|
||||
- **Warn.** Warns employees that sites and downloads are potentially dangerous, but allows the action to continue while running in Microsoft Edge.
|
||||
|
||||
- **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files.
|
||||
|
||||
- In the **SmartScreen from Windows Store apps** area:
|
||||
|
||||
- **Block.** Stops employees from visiting potentially malicious sites or from downloading and running unrecognized apps and files used by Windows Store apps.
|
||||
|
||||
- **Warn.** Warns employees that the sites and downloads used by Windows Store apps are potentially dangerous, but allows the action to continue.
|
||||
|
||||
- **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files.
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
- [Keep Windows 10 secure](https://technet.microsoft.com/itpro/windows/keep-secure/index)
|
||||
|
||||
Reference in New Issue
Block a user