2025-02-20 20:21:59 -05:00
5 changed files with 5 additions and 8 deletions
--- a/Linux/managed.json
+++ b/Linux/managed.json
@ -4,6 +4,7 @@
  "CAPlatformIntegrationEnabled": false, 
  "AutomaticFullscreenBlockedForUrls": [ "*" ],
  "CookiesBlockedForUrls": [ "ntp.msn.com" ],
+  "DefaultAutomaticDownloadsSetting": 2,
  "DefaultGeolocationSetting": 2,
  "DefaultInsecureContentSetting": 2,
  "DefaultCookiesSetting": 4,
--- a/Linux/recommended.json
+++ b/Linux/recommended.json
@ -1,5 +1,4 @@
 {
    "SmartScreenEnabled": false,
-    "TyposquattingCheckerEnabled": false,
-    "ScarewareBlockerProtectionEnabled": false
+    "TyposquattingCheckerEnabled": false
 }
--- a/README.md
+++ b/README.md
@ -9,12 +9,11 @@ For corporate environments, you will need make approprieate changes, including b
 - Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
 - Set `DefaultClipboardSetting` to "Block". In most cases, users do not need to grant this permission for websites to work. I need it for GitHub Codespaces.
 - Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
- Set `DefaultAutomaticDownloadsSetting` to "Block". In most cases, websites do not need this API. I need Automatic Downloads for my reMarkable tablet.
 - Remove the uBlock Origin Lite extension whitelist. I am not aware of any way to block users from granting uBlock Origin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know.
 - Set `SSLErrorOverrideAllowed` to false.
 - Further restrict permissions that websites can prompt for.
 - Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization.
- Consider mandating that `SmartScreenEnabled` and `ScarewareBlockerProtectionEnabled` are set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
+- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.

 ## Linux

--- a/Preferences/com.microsoft.Edge.plist
+++ b/Preferences/com.microsoft.Edge.plist
@ -16,6 +16,8 @@
    <array>
      <string>ntp.msn.com</string>
    </array>
+    <key>DefaultAutomaticDownloadsSetting</key>
+    <integer>2</integer>
    <key>DefaultGeolocationSetting</key>
    <integer>2</integer>
    <key>DefaultInsecureContentSetting</key>
@ -82,8 +84,6 @@
    <false />
    <key>RelatedWebsiteSetsEnabled</key>
    <false />
-    <key>ScarewareBlockerProtectionEnabled</key>
-    <false />
    <key>InsecurePrivateNetworkRequestsAllowed</key>
    <false />
    <key>PrivateNetworkAccessRestrictionsEnabled</key>
--- a/macOS/Preferences/com.microsoft.Edge.plist
+++ b/macOS/Preferences/com.microsoft.Edge.plist
@ -6,7 +6,5 @@
    <false />
    <key>TyposquattingCheckerEnabled</key>
    <false />
-    <key>ScarewareBlockerProtectionEnabled</key>
-    <false />
  </dict>
 </plist>