Hi @vdrjrmylair ,
Thanks for that screenshot. It looks like everything's fine regarding the policy value. There's another potential barrier according to the doc:
This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX. Also note that this policy does not apply if your organization has enabled Microsoft Defender Advanced Threat Protection. You must configure your allow and block lists in Microsoft Defender Security Center instead.
Please check whether you have met the prerequisites above to make this policy work.
Actually, you can replace this policy with SmartScreenForTrustedDownloadsEnabled. To achieve the same goal, you need to:
- Add the target URL/download source into Internet Options --> Security -->Trusted sites.
- Disable SmartScreenForTrustedDownloadsEnabled.
This policy works well as I've tested. You can consider it as a workaround.
There're various reasons for this, such as the implementation of each group policy. Enabling SmartScreenAllowListDomains and disabling SmartScreenForTrustedDownloadsEnabled almost work in the same way, but the difference lies in the implementation. Disabling SmartScreenForTrustedDownloadsEnabled simply ignores the download's reputation, while SmartScreenPuaEnabled helps protect users from adware, coin miners, bundleware, and other low-reputation apps. The demo app may not (only) be the low-reputation one. But SmartScreenAllowListDomains mainly deals with warnings, so it is expected to work in this case.
Let's go back to the "not commonly downloaded" warning. You can have a test below at "Unknown Program". In this case, SmartScreenForTrustedDownloadsEnabled works while SmartScreenAllowListDomains fails. That's why I recommend SmartScreenForTrustedDownloadsEnabled as a workaround. As to why SmartScreenAllowListDomains fails, I think it is designed for "Potentially unwanted app" warning.
To conclude, you can apply SmartScreenAllowListDomains for "Potentially unwanted app" warning, and SmartScreenForTrustedDownloadsEnabled for "not commonly downloaded" warning.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.