Prevent "File is not commonly downloaded. Make sure you trust file before you open it" for intranet .msi file

Mik Op 136 Reputation points
2023-04-05T06:25:42.6266667+00:00

I am serving some msi file on local intranet website. Everytime a user clicks the link it shows the warning: "File is not commonly downloaded. Make sure you trust file before you open it" most users don't know that they can click three dots and download anyway Following settings served with GPO have no effect:

  • https://intranet is in local intranet zone (I have tried trusted sites as well)
  • Disable download file type extension-based warnings for specified file types on domains GPO (registry key ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (obsolete) and ExemptFileTypeDownloadWarnings)
  • Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings GPO (registry key SmartScreenAllowListDomains) The only thing that resolves the issue is disable SmartScreen in Edge completely. Is there some sollution?
Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,175 questions
0 comments No comments
{count} votes

Accepted answer
  1. Yu Zhou-MSFT 12,456 Reputation points Microsoft Vendor
    2023-04-05T07:48:16.6266667+00:00

    Hi @Mik Op ,

    To prevent the download warning, you can try the following solutions:

    1. Configure policy ExemptFileTypeDownloadWarnings to specify the filetypes that are allowed to download from specific sites without interruption. You can enable this policy and set the value like this: [{"file_extension":"msi", "domains":["contoso.com"]}. Note: the policy you mentioned Disable download file type extension-based warnings for specified file types on domains is obsolete. It doesn't work after Microsoft Edge 109.
    2. Configure policy SmartScreenForTrustedDownloadsEnabled. You can disable this policy, then Microsoft Defender SmartScreen doesn't check the download's reputation when downloading from a trusted source (local system, intranet, or trusted sites zone). Note: This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Regards,

    Yu Zhou

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful