Configure Windows Defender SmartScreen via GPO

The term ” SmartScreen ” in connection with the Windows Defender has certainly heard some of you. The SmartScreen Filter checks programs downloaded over the Internet for potential dangers and prevents access to the file in an emergency. We have reported on these reports several times in the past and at the end of this article you will find the appropriate links.

The message from the smart screen usually looks like this.

SmartScreen - The computer was protected by Windows.

Windows therefore sends certain data to the Microsoft server before opening unknown content , thereby checking whether it could be a malicious file. Unfortunately, neither the user nor the administrator can see exactly what information is being sent to Microsoft.

However, Microsoft has provided a group policy that you can use to configure your SmartScreen .

SmartScreen GPO

You can find the Smartscreen GPO in the group policy editor in the area

Computer Configuration / Administrative Templates / Windows Components / File Explorer

The actual GPO is called

Configure Windows Defender SmartScreen

Configure GPO Windows Defender SmartScreen

Here you have the option to deactivate or configure the Windows Defender SmartScreen .

Note: We do not recommend deactivating the SmartScreen for security reasons! 

By activating the GPO you have further configuration options that make sense. You can choose here how the SmartScreen Filter should behave if it identifies a file as unsafe. The following options are available to you.

  • Warn and prevent circumvention
  • To warn

If you set the GPO to “Warn”, you can select the “Execute anyway” button in the SmartScreen display (see 1st figure above). With “Prevent warnings and bypass”, on the other hand, the execution of unsafe files is no longer possible.

Microsoft provides the following additional information about this SmartScreen Group Policy.

This policy enables you to enable or disable Windows Defender SmartScreen. SmartScreen helps protect PCs by alerting users of potentially harmful programs downloaded from the Internet. This warning appears as an interstitial dialog box before running an app that has been downloaded from the Internet and is unknown or identified as harmful. There is no dialog box for apps that don’t appear suspicious.

When this feature is enabled, some information about files and programs running on PCs is sent to Microsoft.

When you enable the policy, SmartScreen is enabled for all users.

If you enable the policy with the Prevent Warning and Bypass option , users in SmartScreen dialog boxes will have no way to ignore the warning and run the app. SmartScreen continues to display the warning on subsequent attempts to run the app.

If you enable the policy with the ” Warn ” option , users are warned in SmartScreen dialog boxes that the app is suspicious, but have the option to ignore the warning and run the app anyway. If SmartScreen is instructed by the user to run the app, SmartScreen does not issue another warning for the app.

If you disable the policy , SmartScreen is disabled for all users. Users are not warned when trying to run suspicious apps from the Internet.

If you do not configure the policy , SmartScreen is enabled by default, but users can change their settings.

Administrators should definitely consider whether activating the GPO is worthwhile so that the user cannot bypass the SmartScreen warning.

You can find further information about the ” Windows Defender ” here.

– Start Windows Defender offline on Windows 10
– Deactivate the Windows Defender Security Center
– Windows Defender Security Center from the Windows 10 Creators Update
– Remove the “Windows Security” icon from the Windows system – Search
ZIP, RAR or CAB files with Windows Defender
– 0x80070643 Windows Defender Update Error
– Deactivate Windows Defender completely
– 0x800705b4 Windows Update Error
Code – 0x80070003 Error Code during Windows Update
– Microsoft Security Essentials
– TrendMicro OfficeScan Error BA060000 after Windows 10 Anniversary Feature Update

administrator