DTBI740 - Managing SmartScreen Filter use must be enforced.

Information

This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact the SmartScreen filter has had on reducing the risk of malware infection via visiting malicious web sites. This policy setting allows the users to enable the SmartScreen Filter, which will warn if the web site being visited is known for fraudulent attempts to gather personal information through 'phishing' or is known to host malware. If you enable this setting, the user will not be prompted to enable the SmartScreen Filter. It must be specified which mode the SmartScreen Filter uses: on or off. If the feature is on, all web site addresses not contained on the filter's allow list, will be sent automatically to Microsoft without prompting the user. If the feature is off, the user will be prompted to decide the mode of operation for the SmartScreen Filter during the first run experience.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off Managing SmartScreen Filter for Internet Explorer 9' to 'Enabled' and select 'Off' from the drop-down box.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Microsoft_IE9_V1R15_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(1), CAT|II, Rule-ID|SV-40704r1_rule, STIG-ID|DTBI740, Vuln-ID|V-22108

Plugin: Windows

Control ID: 2a9913bda66d44632dd5828c7b013853db860d39008a1eaf2ddce7b49f3a1bc6