Category Microsoft Edge ID 10952, 10953 #28
Comments
|
According to the document MS Security Baseline Windows 11 v22H2.xlsx (see URL), the path ...Microsoft\MicrosoftEdge\PhishingFilter... is correct. However, the policy file MSFT-Win11-v22H2.PolicyRules only points to the Internet Explorer one. I don't have a Windows 11 installation around at the moment, could you please configure the policy via group policy and monitor with registry key is changed? |
|
Both: 10953,"Microsoft Edge","Prevent bypassing Microsoft Defender SmartScreen prompts for sites",Registry,,HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter,PreventOverride,,,,,1,=,Medium` settings are here: EnableSmartScreen (10952) ShellSmartScreenLevel (10953), which can be Block or Warn, Block would be the correct setting. Don't get confused, the config about Explorer not Edge, I doubt this is any different from win10. |
|
Here is a output of the Microsoft documentation regarding those settings, which use different path for Explorer and Edge
These settings (rows 2482-2484) are covered in ID 10951 to 10954 |
|
Nope, 10952 and 10953 should match 2842 or 1043 (2 registry path entrys here) in your excel file. Keys: but in your list it matches 2483 and 2484: 10953,"Microsoft Edge","Prevent bypassing Microsoft Defender SmartScreen prompts for sites",Registry,,HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter,PreventOverride,,,,,1,=,Medium That's why the settings are reported as "unset", all other Defender settings are ok and don't fail. File Explorer Defender settings are in system and not in any *Edge registry folder. |
|
I don't get it:
Okay, the category Microsoft Edge of 10952 and 10953 is not as in the Excel list however the registry keys are matching |
|
Ok, I missed the category before "Starting category Microsoft Edge", but 10952 and 10953 are still empty and not used, even if add the Edge 107 Baseline, it is still: Result= |
|
That is interesting, I had access to a Win 11 Enterprise machine and used gpedit.msc and monitored for registry changes. Both registry keys were created after configuring the settings:
Is there an error in the source file from Microsoft? I did not check those templates yet. |
|
Those 2 settings are NOT part of the wi11 computer baseline, and not even part of the edge 107 basline. only enhanced phishing and explorer are part of win11, the first one your might be missing because of missing ADMX templates. |
|
Let's Microsoft answer this question, the documentation or the policy files are different. I posted a comment: https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/bc-p/3733816/highlight/true#M562 If Microsoft recommends configuring Windows Defender for Mircosoft Edge, then the settings must be set in the way of the HardeningKitty list. If this is not a recommendation I'll remove the checks. I did a check on Windows 11 Pro as well, if I use gpedit.msc then the registry keys are set. If I use the PowerShell script of Microsoft then it is not configured. |
When executing, on Windows 11 22H2:
Invoke-HardeningKitty -Mode Audit -FileFindingList .\lists\finding_list_msft_security_baseline_windows_11_22h2_machine.csvthe two Edge settings are not found:
`[*] 1/29/2023 6:22:34 PM - Starting Category Microsoft Edge
[$] ID 10952, Configure Windows Defender SmartScreen, Result=, Recommended=1, Severity=Medium
[$] ID 10953, Prevent bypassing Microsoft Defender SmartScreen prompts for sites, Result=, Recommended=1, Severity=Medium`
the list points to the reg key:
HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter,EnabledV9
I could only find this setting here (the second Defender setting is also found here):
SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter
The text was updated successfully, but these errors were encountered: