18.9.80.1.1 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass' - ShellSmartScreenLevel

Information

This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.

The recommended state for this setting is: Enabled: Warn and prevent bypass.

Rationale:

Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. However, because some information about files and programs run on PCs is sent to Microsoft, some organizations may prefer to disable it.

Impact:

Users will be warned before they are allowed to run unrecognized programs downloaded from the Internet.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Warn and prevent bypass:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsExplorer.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).
Note #2: In older Microsoft Windows Administrative Templates, this setting was initially named Configure Windows SmartScreen, but it was renamed starting with the Windows 10 Release 1703 Administrative Templates.
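
To confirm the resulting state on a host, the following PowerShell check is added here as an example and is not part of the benchmark text. The function name Test-ShellSmartScreenPolicy is hypothetical, and the registry location is an assumption based on the values this policy writes (EnableSmartScreen and ShellSmartScreenLevel under HKLM\SOFTWARE\Policies\Microsoft\Windows\System).

```powershell
# Added example: audit the registry values behind the Explorer
# "Configure Windows Defender SmartScreen" policy.
function Test-ShellSmartScreenPolicy {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Assumed policy key backing the GPO setting; overridable so the
        # function can be exercised against a scratch key.
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    )

    # GetValue() returns $null when the value is absent, so a missing key
    # or missing value is reported as a state instead of raising an error.
    $key    = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    $enable = if ($key) { $key.GetValue('EnableSmartScreen') }
    $level  = if ($key) { $key.GetValue('ShellSmartScreenLevel') }

    # Map the raw values to the states the policy UI offers.
    $state = if ($null -eq $enable) {
        'Not configured'                      # behaviour left to local settings
    } elseif ($enable -ne 1) {
        'Disabled'
    } elseif ($level -eq 'Block') {
        'Enabled: Warn and prevent bypass'    # recommended state
    } elseif ($level -eq 'Warn') {
        'Enabled: Warn'                       # user can still click through
    } else {
        'Enabled (no level defined)'          # e.g. set from an older template
    }

    [pscustomobject]@{
        Path                  = $Path
        EnableSmartScreen     = $enable
        ShellSmartScreenLevel = $level
        State                 = $state
        Compliant             = ($state -eq 'Enabled: Warn and prevent bypass')
    }
}

# Report the effective policy state on the local machine.
Test-ShellSmartScreenPolicy
```

Only the Block level satisfies this recommendation; a host reporting Enabled with Warn or with no level defined still lets the user bypass the warning.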

Default Value:

Disabled. (Windows SmartScreen behavior is managed by administrators on the PC by using Windows SmartScreen Settings in Action Center.)

Additional Information:

Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 1, Release 13, Benchmark Date: May 15, 2020

Vul ID: V-73559
Rule ID: SV-88223r2_rule
STIG ID: WN16-CC-000330
Severity: CAT II

Note: The Microsoft Windows Server 2016 Security Technical Implementation Guide refers to this setting by the previous name of Configure Windows SmartScreen. It was renamed in the Windows 10 Release 1703 Administrative Templates to Configure Windows Defender SmartScreen.

Note #2: This setting is available for configuration in two locations within the Administrative Templates.

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Computer Configuration\Policies\Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen

Note #3: In the Microsoft Windows Server 2016 Security Technical Implementation Guide this setting is set to Enabled, but no sub-setting is defined.

See Also

https://workbench.cisecurity.org/files/2940