STIGQter: STIG Summary: Microsoft Edge Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 14 Jan 2021

The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be whitelisted if used.

DISA Rule

SV-235722r626523_rule

Vulnerability Number

V-235722

Group Title

SRG-APP-000073

Rule Version

EDGE-00-000004

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/SmartScreen settings/Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings" may be set to "allow" for whitelisted domains.

Check Contents

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/SmartScreen settings/Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings" may be set to "allow" for whitelisted domains.

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

SmartScreenAllowListDomains may be set as follows:
HKLM\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\1 = mydomain.com
HKLM\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\2 = myagency.mil

Configuring "SmartScreenAllowListDomains" is optional; it is not required.

If configured, the list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be whitelisted; otherwise this is a finding.

If this machine is on SIPRNet, this is Not Applicable.
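
The registry check above can be scripted. The following PowerShell is an added example, not part of the STIG or of DISA-provided content; the `$ApprovedDomains` list and the function name are assumptions, and the SIPRNet Not Applicable determination is left to the reviewer.

```powershell
# Added example: audit of SmartScreenAllowListDomains for EDGE-00-000004 (V-235722).
# $ApprovedDomains is an assumption; the values below are the sample domains
# from the check text. Replace them with your organization's approved list.
$ApprovedDomains = @('mydomain.com', 'myagency.mil')
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains'

function Get-SmartScreenAllowListEntry {
    param([Parameter(Mandatory)][string]$Path)
    # The policy is optional: a missing key means nothing is configured.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the key's unnamed default value
        [pscustomobject]@{
            Index  = $name
            Domain = ([string]$key.GetValue($name)).Trim()
        }
    }
}

$entries    = @(Get-SmartScreenAllowListEntry -Path $KeyPath)
# -notin compares strings case-insensitively, which suits domain names.
$unapproved = @($entries | Where-Object { $_.Domain -notin $ApprovedDomains })

if ($entries.Count -eq 0) {
    'Not a finding: SmartScreenAllowListDomains is not configured (the setting is optional).'
} elseif ($unapproved.Count -eq 0) {
    "Not a finding: all $($entries.Count) configured domains are on the approved list."
} else {
    'Finding: these entries are not on the approved list:'
    $unapproved | Format-Table -AutoSize Index, Domain
}
```

Every entry bypasses SmartScreen warnings for that domain, so the approved list should be kept as short as the mission allows and reviewed whenever the policy changes.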

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5280
