Microsoft Edge not blocking test virus files

Edward West 1 Reputation point
2022-07-07T06:31:41.153+00:00

Hi All,

We have recently had to go through Cyber Essentials Plus as an organisation, which we managed to pass using a workaround, however, I would like to find a long term fix.

Basically as part of the test your browsers have to block certain harmful files, Google Chrome blocked them all fine, but Edge let 2 of them download and RUN!

The 2 files were Test.bat (ideally we would like to block all .bat files from being run without Admin Elevation Prompt) and Calc.exe.

The only workaround I could think of as we were running low on time was to block ALL downloads in Edge, which long term is not a solution as some of our staff use Edge.

As Chrome detects and blocks them from downloading I don't think it is an AV issue (we have some machines with Webroot and some with Defender, both have the same issue).

Any ideas of how we can fix this? I am happy to send people the links to these files, but didn't want to post them in the message in case it wasn't allowed.

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,446 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,999 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Reza-Ameri 17,026 Reputation points
    2022-07-07T14:10:35.677+00:00

    You may submit sample to the following website:
    https://www.microsoft.com/en-us/wdsi/filesubmission
    You may submit link of these malicious websites to:
    https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
    If you right click on the download, you may report them as unsafe too.

    0 comments No comments

  2. XuDong Peng-MSFT 11,181 Reputation points Microsoft Vendor
    2022-07-08T06:59:36.027+00:00

    Hi @Edward West ,

    Basically as part of the test your browsers have to block certain harmful files, Google Chrome blocked them all fine, but Edge let 2 of them download and RUN!

    As far as I know, Edge has a corresponding explanation of how these file types determine the level of danger: How Microsoft Edge determines the danger level of a file type.

    As mentioned in the documentation, both exe and bat are file types that require user gestures, and it will download this type of file if you meet one of these conditions:

    • There's a user gesture associated with the network request that started the download. For example, the user clicked a link to the download.
    • There's a recorded prior visit to the referring origin (the page that links to the download) before the most recent midnight (that is, yesterday or earlier). This recorded visit implies that the user has a history of visiting the site.
    • If the user explicitly starts it by using the Save link as context menu command, enters the download’s URL directly into the browser’s address bar, or if Microsoft Defender SmartScreen indicates that the file is safe.

    As shown, auto_open_hint property determines whether or not the file type will be opened automatically when the download is complete. And the file types you mentioned are all disallow from auto-opening. Something like these below. I also tried downloading the bat file, but it just downloads and doesn't open automatically.
    218855-image.png218809-image.png

    What is the version of Edge where the problem occurs? If possible, can you provide specific steps to reproduce the problem? In addition, if you need to prevent Edge from downloading specific types of files, I suggest you send feedback to the relevant team, just press Shift+Alt+I to edit your suggestion and send it. Edge team will constantly improving and updating the product. Thank you for understanding.

    Best regards,
    Xudong Peng


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. Limitless Technology 39,786 Reputation points
    2022-07-13T14:31:02.03+00:00

    Hi there,

    As it is a test file I suppose the smart defender is not blocking it . A number of inputs contribute to Microsoft Defender SmartScreen warnings. Data is received from many sources, including user feedback, data providers, and intelligence models. This data is used to help identify potentially malicious content. Microsoft Defender SmartScreen also checks downloaded apps or app installers to see if they're malicious. In both scenarios, Microsoft Defender SmartScreen warns users appropriately about suspicious content.

    Microsoft Defender SmartScreen determines whether a downloaded app or app installer is potentially malicious based on many criteria, such as download traffic, download history, past anti-virus results, and URL reputation.

    Microsoft Edge support for Microsoft Defender SmartScreen

    https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-smartscreen

    --------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.