8.9.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'

Information



This policy setting controls whether SmartScreen Filter scans pages in this zone for
malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this
zone for malicious content. If you disable this policy setting, SmartScreen Filter does not
scan pages in this zone for malicious content. If you do not configure this policy setting, the
user can choose whether SmartScreen Filter scans pages in this zone for malicious content.


Note- In Internet Explorer 7, this policy setting controls whether Phishing Filter scans
pages in this zone for malicious content. The recommended state for this setting is-
Enabled-Enable.

*Rationale*

If the SmartScreen Filter is enabled globally, not enabling this setting would allow the user
to disable the use of the SmartScreen Filter in this zone.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on
SmartScreen Filter scanThen set the Use SmartScreen Filter option to Enable.

Impact-The SmartScreen Filter will be used in this zone.

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1.

Plugin: Windows

Control ID: f87bd2f344703eb624a2f150399f0c2187d4b3d88ddeeea9e53d213d50af47df