Microsoft Edge – Prevent Download of Unsafe Files Blocked by SmartScreen Filter

The SmartScreen Filter warns the user when running unrecognized programs or files downloaded from the internet. When you download files using Microsoft Edge, the file download is blocked if the source URL is blacklisted or the downloaded program fails the application reputation check by Microsoft SmartScreen filter.

However, Edge Chromium allows users to download the unsafe file regardless of the warning, by clicking on the “Keep” option in the Downloads flyout.

Likewise, on Microsoft Edge (legacy), every time when a file download is blocked, the following message shows up:

"filename" is unsafe to download and was blocked by SmartScreen Filter.

Still, users can download the blocked file manually by opening the Downloads panel, right-clicking on the blocked file, and choosing “Download unsafe file” option in the right-click menu.

This article explains how to prevent users from downloading the ‘unsafe’ file on Microsoft Edge and Microsoft Edge Chromium.

Prevent Download of Unsafe Files Blocked in Edge

For Microsoft Edge (Chromium)

Note: This setting is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are managed via MDM or joined to a domain via MCX.

On standalone systems, Edge ignores this policy. Workaround for standalone systems is available at the following link. The trick is to add a fake MDM provider in the registry so that Edge will think that the Windows 10 computer is MDM-Managed.

Edge Policies for non-Domain-joined Devices – Gunnar Haslinger:
https://hitco.at/blog/apply-edge-policies-for-non-domain-joined-devices/

1. Start the Registry Editor (regedit.exe)
2. Go to the following key:

   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge

   (The above branch may not exist by default. You may need to create it manually.)

3. Create a DWORD (32-bit) value named PreventSmartScreenPromptOverrideForFiles
4. Double-click PreventSmartScreenPromptOverrideForFiles and set its data to 1
5. Exit the Registry Editor.

In Windows 10 Pro and higher, you can configure the above setting via Group Policy Editor if you have added Edge ADMX files already. The above registry setting corresponds to the “Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads” GPO under the following branch:

Computer Configuration → Administrative Templates → Microsoft Edge → SmartScreen settings

---

For Microsoft Edge (legacy)

The following setting applies to any version of Windows 10 — whether it’s connected to a domain or is a standalone computer.

1. Start the Registry Editor (regedit.exe)
2. Navigate to the following branch:

   HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter

   Note: The Policies key or its subkeys may not exist by default. If so, create those subkeys manually.

3. Create a DWORD value named PreventOverrideAppRepUnknown
4. Double-click PreventOverrideAppRepUnknown and set its data to 1
5. Exit the Registry Editor.

After implementing the registry edit below, you’ll no longer see the “Download unsafe file” option in the right-click menu in Microsoft Edge’s Download panel.

If you’re using Windows 10 Pro or higher, you can configure this setting using Group Policy Editor.

1. Start the Group Policy Editor (gpedit.msc) and go to:

   User Configuration → Administrative Templates → Windows Components → Microsoft Edge

2. Enable the following setting in the Group Policy Editor:

   Prevent bypassing SmartScreen prompts for files

If you enable this setting, your user account is blocked from downloading unverified or unsafe files blocked by the SmartScreen Filter. The setting applies to the current user account only. There is an equivalent per-system GPO under “Computer Configuration” branch, but that doesn’t seem to work as intended.