How to manage URL whitelist for SmartScreen in Microsoft Edge

Question

How to manage URL whitelist for SmartScreen in Microsoft Edge

vdrjrmylair 20

Hi,

I am trying to set up the Group Policy setting "SmartScreenAllowListDomains" for Microsoft Edge (112.X) to avoid showing SmartScreen warnings on certain websites for file downloads.

The group policy setting is located "Computer Configuration\Administrative Templates\Microsoft Edge\SmartScreen settings" - "Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings"

I have added the required domains within the settings of this parameter (like "mywebiste.com") but I still continue to get warnings while downloading my item (flagged as "not commonly downloaded")

SmartScreen is enforced in Microsoft Edge due to security reasons so there is no way to disable it to bypass this warning and get the file (which is good a thing...)

Microsoft Defender APT is not used on my device

Thank you for your help,

ShiJieLi-MSFT 12,321 Reputation points Microsoft External Staff

2023-05-04T05:30:28.8466667+00:00

Hi @vdrjrmylair ,

Would you please provide a screenshot of your edge://policy page to see whether this policy has been successfully configured?
vdrjrmylair 20 Reputation points

2023-05-04T10:13:15.3933333+00:00

Hi @ShiJieLi-MSFT ,

Sorry that I haven't mentionned this earlier, but yes I have checked and the policy is correctly applied. The values match as well the "<domain>.<tld>" shape

Accepted answer

0 additional answers

Your answer

ShiJieLi-MSFT 12,321 Reputation points Microsoft External Staff

2023-05-04T05:30:28.8466667+00:00

Hi @vdrjrmylair ,

Would you please provide a screenshot of your edge://policy page to see whether this policy has been successfully configured?
vdrjrmylair 20 Reputation points

2023-05-04T10:13:15.3933333+00:00

Hi @ShiJieLi-MSFT ,

Sorry that I haven't mentionned this earlier, but yes I have checked and the policy is correctly applied. The values match as well the "<domain>.<tld>" shape

Answer 1

ShiJieLi-MSFT 12,321 Microsoft External Staff

Hi @vdrjrmylair ,

Thanks for that screenshot. It looks like everything's fine regarding the policy value. There's another potential barrier according to the doc:

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX. Also note that this policy does not apply if your organization has enabled Microsoft Defender Advanced Threat Protection. You must configure your allow and block lists in Microsoft Defender Security Center instead.

Please check whether you have met the prerequisites above to make this policy work.

Actually, you can replace this policy with SmartScreenForTrustedDownloadsEnabled. To achieve the same goal, you need to:

Add the target URL/download source into Internet Options --> Security -->Trusted sites.
Disable SmartScreenForTrustedDownloadsEnabled.

This policy works well as I've tested. You can consider it as a workaround.

UPDATE

There're various reasons for this, such as the implementation of each group policy. Enabling SmartScreenAllowListDomains and disabling SmartScreenForTrustedDownloadsEnabled almost work in the same way, but the difference lies in the implementation. Disabling SmartScreenForTrustedDownloadsEnabled simply ignores the download's reputation, while SmartScreenPuaEnabled helps protect users from adware, coin miners, bundleware, and other low-reputation apps. The demo app may not (only) be the low-reputation one. But SmartScreenAllowListDomains mainly deals with warnings, so it is expected to work in this case.

Let's go back to the "not commonly downloaded" warning. You can have a test below at "Unknown Program". In this case, SmartScreenForTrustedDownloadsEnabled works while SmartScreenAllowListDomains fails. That's why I recommend SmartScreenForTrustedDownloadsEnabled as a workaround. As to why SmartScreenAllowListDomains fails, I think it is designed for "Potentially unwanted app" warning.

User's image

To conclude, you can apply SmartScreenAllowListDomains for "Potentially unwanted app" warning, and SmartScreenForTrustedDownloadsEnabled for "not commonly downloaded" warning.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards,

Shijie Li

vdrjrmylair 20 Reputation points

2023-05-08T12:13:01.25+00:00

Hello @ShiJieLi-MSFT ,

Thank you for your update.

The computer is joined to a Microsoft Active Directory domain (On-Premise) and runs the Windows 10 Entreprise edition as operating system. The latest updates to this day are installed (19042.2846).

This computer is not managed with Microsoft Defender Advanced Threat Protection.
vdrjrmylair 20 Reputation points

2023-05-08T12:21:24.64+00:00

Hi @ShiJieLi-MSFT ,

Hewlett-Packard has corrected the faulty file that was creating issue on download. Now I can download the file without any problem without the need to whitelist the URL in SmartScreen for Edge.

I believe that the file wasn't properly digitally signed, which could cause my issue. Anyway, I will try the provided workaroud just in case it happens in the near future again.

I'll try to run my tests using the SmartScreen testing page : https://demo.smartscreen.msft.net/

Best regards,
vdrjrmylair 20 Reputation points

2023-05-08T13:14:48.45+00:00

Hi @ShiJieLi-MSFT ,

I have just tried the workaround for testing purpose but it appears that it does not work in my environment:

Internet Options --> Security -->Trusted sites (added by GPO) :

Microsoft Edge applied policies:

Behavior when clicking on "Potentially Unwanted Download"

However adding the URL "smartscreen.msft.net" using the SmartScreen whitelist for Microsoft Edge (SmartScreenAllowListDomains) works correctly as no warning is shown when download.

Maybe some conflict of security settings ?

Best regards,
ShiJieLi-MSFT 12,321 Reputation points Microsoft External Staff

2023-05-09T03:13:51.0933333+00:00

Hi @vdrjrmylair ,

I've updated my answer and shared my insight. Please check the updated answer.
vdrjrmylair 20 Reputation points

2023-05-11T13:14:55.1566667+00:00

Hi @ShiJieLi-MSFT ,

Thank you for the update. It's more clear now.

Cheers,
Yathharthha Kaushal 0 Reputation points

2025-03-24T03:06:21.2066667+00:00

Greetings @ShiJieLi-MSFT ,

While this approach works seamlessly for Professional or Enterprise editions of Windows, I've encountered an issue on Windows 11 Home edition. There's a website I frequently visit (let's call it example.com), which triggers a false positive in Microsoft Defender SmartScreen. As a result, every time I try to access the site, I have to go through additional steps to bypass the warning (e.g., clicking “Continue to the unsafe site (not recommended)”).

I appreciate the protection offered by SmartScreen and do not wish to disable it entirely, as it enhances security and safeguards my data. To streamline access, I attempted to whitelist example.com by modifying the Group Policy through the registry editor (since gpedit.msc isn't available on Windows Home).

The domain does appear in the Microsoft Edge policies list at edge://policies, but unfortunately, this configuration has no impact.

Is there a solution to avoid manually clicking “Continue to the unsafe site” each time I access this site? Given how frequently I visit example.com, these extra steps consume more time than expected and have become quite inconvenient. Best Regards,

Yathharthha Kaushal

Share via

How to manage URL whitelist for SmartScreen in Microsoft Edge

0 additional answers

Your answer