App & browser control in Windows Security

Note: In previous versions of Windows 10, Windows Security is called Windows Defender Security Center.

App & browser control in Windows Security provides the settings for Microsoft Defender SmartScreen, which helps protect your device from potentially dangerous apps, files, websites, and downloads.

The settings on the App & browser control page let you:

Block unrecognized apps, files, malicious sites, downloads, and web content.

Set up warnings for unrecognized apps, files, malicious sites, downloads, and web content.

Turn off blocking and warnings altogether.

Caution: Turning off the Block and Warn options may leave your device vulnerable to threats.

Reputation-based protection

Reputation-based protection leverages what Microsoft knows about various sites, services, and publishers, as well as threats we’ve seen in action to help protect you from malicious or potentially unwanted apps, files, or websites.

Isolated browsing

Microsoft Defender Application Guard for Edge can help to protect you against untrusted and potentially dangerous sites by opening them in a virtualized container, isolated from your important files and folders.

Exploit protection

Exploit protection is already running and protecting your device, and your device is set up with the protection settings that work best for most people. However, you can always customize the settings for your device and the programs you run. If you manage devices and programs in an organization, you can use the export feature to share customized exploit protection settings across all of the devices in your organization.

Microsoft tests rival browser ‘warnings’

13 September 2018

Microsoft is testing pop-up warnings that trigger when users start to install the Chrome or Firefox web browsers.

The warnings appear on Windows 10 and remind people they already have Microsoft’s Edge browser installed.

Text in the pop-up claims that Edge is a «faster, safer» browser for the Windows 10 operating system.

The prompts are included in versions of Windows 10 that trial novel future features.

In a statement, Microsoft said the warning windows were being tested with a small number of users who were part of its «Insiders» initiative.

«The Windows Insider Program enables Microsoft to test different features, functionality and garner feedback before rolling out broadly,» said the statement.

The warnings did not stop any software being installed, said Microsoft.

«Customers remain in control and can choose the browser of their choice,» it said. The warning panel links to a user settings system that lets them turn off the alerts.

In the past, Microsoft has been harshly penalised for using its dominance in desktop computing to push people towards its products. It has paid billions in fines for not doing enough to let people know about rival browsers.

The prompt is one of several features being tested prior to potential inclusion in the October update for Windows 10.

The BBC understands that, unlike some of the other new features in the prototype being tested by Insiders, the warnings will not be rolled out to the larger population of Windows 10 users in the next update.

What is windows browser warning

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

Running a Windows Server 2016 Active Directory domain, with about a dozen Windows 10 workstations with the latest build. I was looking through the event log of a couple of PCs and see this event every so often (sometimes daily, sometimes weekly):

Log Name: System

Date: 9/6/2018 7:03:50 PM

Task Category: None

The browser service was unable to retrieve a list of servers from the browser master \\ZZZZ on the network \Device\NetBT_Tcpip_.

Browser master: \\ZZZZ

This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

The browser master computer name in the event is one of 3 different workstations on the network.

DNS service is active on the server. Should I be concerned about these warnings?

Thanks and regards,

Answers

This behavior occurs because the Browser service is attempting to create a list of computers that are on your network. If the service is unable to find a master browser, this message is displayed in the event log.
I think you should not be concerned about these warnings.
We can think it as below:
When two machines are connected together via a network or parallel cable, they have to negotiate as to which is the «boss». This one then becomes the browse master and holds the information. I was always under the impression that this was a dynamic relationship that was re-negotiated at every new/refreshed session.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Hi,
From the official documentation I queried, this feature is basically used in the following operating system versions, so this feature may not be used much now.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

• Edited by Daisy Zhou Microsoft contingent staff Friday, September 28, 2018 9:34 AM
• Marked as answer by Harvey J Friday, September 28, 2018 12:41 PM

All replies

This behavior occurs because the Browser service is attempting to create a list of computers that are on your network. If the service is unable to find a master browser, this message is displayed in the event log.
I think you should not be concerned about these warnings.
We can think it as below:
When two machines are connected together via a network or parallel cable, they have to negotiate as to which is the «boss». This one then becomes the browse master and holds the information. I was always under the impression that this was a dynamic relationship that was re-negotiated at every new/refreshed session.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Thanks for the answer Daisy! Am I correct in saying that modern Active Directory networks (Windows 2003 and newer) do not even use the browser service for name resolution?

Thanks and regards,

Hi,
From the official documentation I queried, this feature is basically used in the following operating system versions, so this feature may not be used much now.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

• Edited by Daisy Zhou Microsoft contingent staff Friday, September 28, 2018 9:34 AM
• Marked as answer by Harvey J Friday, September 28, 2018 12:41 PM

Thanks very much Daisy!

Please close the case.

So is ok not to even setup WINs on a newer network? I just migrated my DCs to 2012R2 and am getting browser errors. I set up the 2012R2 DHCP, DNS, and WINS the same as the 2008R2 DCs.

Why is this topic in the Windows 10 forum? The Windows Server networking forum seems a better place for it.

Basically, whether you need the computer browser service and WINS depends on what OS the guest machines are running and what applications they are running. AD has not needed then since Windows 2000 when AD moved from using the computer browser service and Netbios names (NT4 and earlier) to using DNS.

Microsoft no longer supports SMB1 and strongly recommends not using it because of its security risk. For this reason SMB1 is disabled by default in current versions of Windows 10. If you disable SMB1, the computer browser service does not even run (or you can simply stop then disable the computer browser service then set it to Disabled). You probably do not need Netbios either, unless you have old clients (XP or earlier) or run legacy apps.

Windows 10 Privacy Warning As Edge Browser Data Issue Is Confirmed

Microsoft Edge logo displayed on an Android mobile device

Windows 10 defaults to the Microsoft Edge web browser as you would expect. What you probably wouldn’t expect, however, is to discover that it sends a whole bunch of information about your browsing back to Microsoft. This should come as a timely warning to the least tech-minded of users that there are alternative browsers that put privacy front and center.

Microsoft has come under scrutiny concerning privacy issues with the Edge web browser. Matt Weeks, a security researcher, tweeted that he had discovered «Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft.» In other words, the URLs that you visit are sent in an un-obfuscated form that could enable Microsoft to track the sites you visit as Weeks pointed out the data sent «includes your very non-anonymous account ID.»

When the ever-reliable security publication Bleeping Computer heard about this, it decided to do some testing itself. «We learned that Windows 10 also transmits a great deal of potentially sensitive information about your applications to SmartScreen when you attempt to run them,» Bleeping Computer reported.

What data is sent back to Microsoft?

So what is going on here, and does any of this matter in the grand scheme of privacy things? Without going into too much technical detail, it appears that Weeks is right. Edge will communicate with SmartScreen, the Microsoft Windows Defender phishing and malware protection component bundled into the browser, in such a way that un-hashed information is sent over a secure connection. This information includes the URL of the site being visited as well as the user’s security identifier (SID) which is unique to every single Windows user account.

«While SmartScreen sharing URLs with Microsoft is simply the product working as designed and outlined in public documentation,» Simon Migliano, head of research at Top10VPN.com, says, «it’s a flawed process that’s a clear privacy risk and one that the vast majority of Edge users would be unaware of.»

Should you be concerned about the privacy implications?

Migliano thinks that it’s the inclusion of the SID that is rightly controversial here. «There will be a vast database somewhere out there containing historical browsing data combined with SIDs,» Migliano says. If this is the case, then there’s an obvious security risk as this would be a real treasure trove to the cybercrime fraternity. That said, the security risk is mitigated by the fact that the data is being sent over a secure connection so would require a man-in-the-middle attack to intercept it. If you were subject to such a thing, then «you’d have bigger problems than someone having your SmartScreen data,» Migliano points out.

The Bleeping Computer investigation, however, also revealed that SmartScreen «exposes a great deal of private information when launching an executable.» This is because of the way that Windows 10 defaults to enabling the «Check apps and files» feature using SmartScreen to warn of malicious files before they can be executed.

As part of this process, Windows 10 connects to a Microsoft server and sends information about that file. «Some of the information transmitted by Windows 10 includes the full path to the file on your computer and the URL you downloaded the file from,» Lawrence Abrams, creator and owner of Bleeping Computer, said before adding that «none of this information is hashed in any way.»

According to Abrams, the information exposed this way could be «sensitive and private,» including «private download URLs for sensitive files and the folder structure of internal Windows systems and networks.»

What should Microsoft do now?

All of this has been stated by Microsoft since it first developed the phishing filter for Internet Explorer 7. It has repeatedly published documentation declaring that URL and file information is shared with Microsoft over a secure connection.

It would also appear that users of the new Chromium-based version of the Edge browser, currently available for preview, will be spared the sending of the SID during SmartScreen requests. There is no indication that un-hashed URLs will stop being sent though, so it’s not all good news.

«Given that this behavior has been removed from Chromium Edge,» Migliano says, «it’s clear Microsoft understands that this is not appropriate.»

This is the biggest concern for Stuart Peck, director of cybersecurity strategy at ZeroDayLab, who says this «raises many privacy concerns around profiling online activities, how this information is used and how long it is retained for.» Peck insists that Microsoft should follow the lead of the Chrome safe browsing feature and hash the URLs. «If people are worried about this both Chrome and Firefox have better methods of handling this issue,» Peck says, adding «GDPR was created for the sole purpose of giving us more control of our data, if you are not happy with Microsoft profiling your browsing habits submit a subject access request, and ask for this information to be removed.»

Should you continue to use Microsoft Edge?

Chrome, Firefox, and Safari for that matter, all use the safe browsing system which sends hashed versions of the URL to be checked against a «bad hash» list of malicious sites. Microsoft must follow their lead, Migliano reckons. «Microsoft’s market share is already trailing Firefox and Chrome,» he says, adding «it simply can’t afford to lack the functionality of its rivals if it wants to claw back users.»

Until then, and with Edge being the default Windows 10 browser so the least tech-savvy will be disproportionately affected by the privacy issue, Migliano advises people «not to use Edge and switch to Firefox, which is superior to Chrome from a privacy perspective.»

I have approached Microsoft for a statement and will update this article as soon as I have it.