WebView2 makes external API calls to Microsoft domain while cache creation and initialization

Beluru, Raghavendra 1 Reputation point
2021-03-09T20:57:20.077+00:00

Hello there,

We are replacing CefSharp control with WebView2 control while doing a feasibility study we observed that l WebView2 makes the following external API calls to the Microsoft domain while cache creation and initialization. When we try to block these calls WebView2 won't load page contents. This would raise a concern as our customers need to open up the firewall for these calls.

Questions

1. What is the purpose of these calls?
2. 3. Is there a way to avoid these calls?

Cache Creation:

POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

Cache Initialization:

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions
GET https://config.edge.skype.com/config/v1/Edge/88.0.705.74?\<Query Parameters>
GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?\<Query Parameters>
POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?\<Query Parameters>
POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings

Any insights would be greatly appreciated.

Thanks,
Raghavendra

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,426 questions
Windows Presentation Foundation
Windows Presentation Foundation
A part of the .NET Framework that provides a unified programming model for building line-of-business desktop applications on Windows.
2,813 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Deepak-MSFT 2,206 Reputation points Microsoft Vendor
    2021-03-10T07:23:29.403+00:00

    @Beluru, Raghavendra ,
    From your posted links it looks like you are seeing this behavior because of SmartScreen.

    1- What is the purpose of these calls?

    I found below information from the documents.

    Microsoft Defender SmartScreen protects users while they browse the Internet by using a reputation check system. Microsoft Edge passes relevant information about the URL or file to the Microsoft Defender SmartScreen service to start the reputation check. The check compares the website or file against dynamic lists of sites and files that are known to be dangerous. All requests to the Microsoft Defender SmartScreen service are made with TLS encryption. The service returns the results of the reputation check, which might lead to Microsoft Edge showing a warning for the site or file. These results are stored locally on the device.

    The Microsoft Defender SmartScreen service stores data about reputation checks. As new sites are identified, the service adds to a dynamic database of known malicious URLs and files. This data is stored on secure Microsoft servers and is only used for Microsoft security services. This data will never be used to identify or target users in any way. Clearing browsing cache clears all locally stored Microsoft Defender SmartScreen URL data. Clearing download history will remove any locally stored SmartScreen data about file downloads.

    For more information about Microsoft Defender SmartScreen and privacy on Microsoft Edge, read the Microsoft Edge Privacy Whitepaper.

    Reference: Microsoft Defender SmartScreen and user privacy

    So it looks like SmartScreen works in a similar way with the Edge webView2 as its works with the actual Edge browser.

    2- Is there a way to avoid these calls?

    I suggest you refer to the links mentioned below, it can give you information that might help to avoid these calls.

    1. Need API to disable SmartScreen in WebView2
    2. No way to disable SmartScreen

    ----------

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.