An error occurred:

Check: EDGE-00-000036

Microsoft Edge STIG: EDGE-00-000036 (in versions v1 r4 through v1 r2)

Title

Download restrictions must be configured. (Cat III impact)

Discussion

Configures the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision. Set "BlockDangerousDownloads" to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings. Set "BlockPotentiallyDangerousDownloads" to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of potentially dangerous or unwanted downloads. Set "BlockAllDownloads" to block all downloads. If this policy is not configured or the 'DefaultDownloadSecurity' option set, downloads go through the usual security restrictions based on Microsoft Defender SmartScreen analysis results. Note that these restrictions apply to downloads from web page content, as well as the "download link..." context menu option. These restrictions do not apply to saving or downloading the currently displayed page, nor do they apply to the "Save as PDF" option from the printing options. See https://go.microsoft.com/fwlink/?linkid=2094934 for more information on Microsoft Defender SmartScreen. Policy options mapping: - DefaultDownloadSecurity (0) = No special restrictions. - BlockDangerousDownloads (1) = Block dangerous downloads. - BlockPotentiallyDangerousDownloads (2) = Block potentially dangerous or unwanted downloads. - BlockAllDownloads (3) = Block all downloads.

Check Content

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow download restrictions" must be set to "Enabled" with the option value set to "BlockDangerousDownloads" or "Block potentially dangerous or unwanted downloads". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "DownloadRestrictions" is not set to "REG_DWORD = 1", or "REG_DWORD = 2", this is a finding.

Fix Text

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow download restrictions" to "Enabled" and select "BlockDangerousDownloads" or "Block potentially dangerous or unwanted downloads".

Additional Identifiers

Rule ID: SV-235752r766854_rule

Vulnerability ID: V-235752

Group Title: SRG-APP-000141

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000381

Configure the system to provide only organization-defined mission essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7

Least Functionality