Move ScarewareBlockerProtectionEnabled to recommended

Signed-off-by: Tommy <contact@tommytran.io>
Set ScarewareBlockerProtectionEnabled to false
2025-02-20 20:21:59 -05:00 · 2025-02-10 14:48:04 -07:00 · 2025-02-10 14:44:07 -07:00 · 2025-02-10 14:29:15 -07:00
5 changed files with 8 additions and 5 deletions
--- a/Linux/managed.json
+++ b/Linux/managed.json
@ -4,7 +4,6 @@
  "CAPlatformIntegrationEnabled": false, 
  "AutomaticFullscreenBlockedForUrls": [ "*" ],
  "CookiesBlockedForUrls": [ "ntp.msn.com" ],
-  "DefaultAutomaticDownloadsSetting": 2,
  "DefaultGeolocationSetting": 2,
  "DefaultInsecureContentSetting": 2,
  "DefaultCookiesSetting": 4,
--- a/Linux/recommended.json
+++ b/Linux/recommended.json
@ -1,4 +1,5 @@
 {
    "SmartScreenEnabled": false,
-    "TyposquattingCheckerEnabled": false
+    "TyposquattingCheckerEnabled": false,
+    "ScarewareBlockerProtectionEnabled": false
 }
--- a/README.md
+++ b/README.md
@ -9,11 +9,12 @@ For corporate environments, you will need make approprieate changes, including b
 - Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
 - Set `DefaultClipboardSetting` to "Block". In most cases, users do not need to grant this permission for websites to work. I need it for GitHub Codespaces.
 - Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
+- Set `DefaultAutomaticDownloadsSetting` to "Block". In most cases, websites do not need this API. I need Automatic Downloads for my reMarkable tablet.
 - Remove the uBlock Origin Lite extension whitelist. I am not aware of any way to block users from granting uBlock Origin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know.
 - Set `SSLErrorOverrideAllowed` to false.
 - Further restrict permissions that websites can prompt for.
 - Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization.
- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
+- Consider mandating that `SmartScreenEnabled` and `ScarewareBlockerProtectionEnabled` are set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.

 ## Linux

--- a/Preferences/com.microsoft.Edge.plist
+++ b/Preferences/com.microsoft.Edge.plist
@ -16,8 +16,6 @@
    <array>
      <string>ntp.msn.com</string>
    </array>
-    <key>DefaultAutomaticDownloadsSetting</key>
-    <integer>2</integer>
    <key>DefaultGeolocationSetting</key>
    <integer>2</integer>
    <key>DefaultInsecureContentSetting</key>
@ -84,6 +82,8 @@
    <false />
    <key>RelatedWebsiteSetsEnabled</key>
    <false />
+    <key>ScarewareBlockerProtectionEnabled</key>
+    <false />
    <key>InsecurePrivateNetworkRequestsAllowed</key>
    <false />
    <key>PrivateNetworkAccessRestrictionsEnabled</key>
--- a/macOS/Preferences/com.microsoft.Edge.plist
+++ b/macOS/Preferences/com.microsoft.Edge.plist
@ -6,5 +6,7 @@
    <false />
    <key>TyposquattingCheckerEnabled</key>
    <false />
+    <key>ScarewareBlockerProtectionEnabled</key>
+    <false />
  </dict>
 </plist>
Author	SHA1	Message	Date
Tommy	008c0b8979	Move ScarewareBlockerProtectionEnabled to recommended Signed-off-by: Tommy <contact@tommytran.io>	2025-02-10 14:48:04 -07:00
Tommy	0b2b24ed5a	Set ScarewareBlockerProtectionEnabled to false Signed-off-by: Tommy <contact@tommytran.io>	2025-02-10 14:44:07 -07:00
Tommy	d7a8eeb538	Remove "DefaultAutomaticDownloadsSetting": 2 Signed-off-by: Tommy <contact@tommytran.io>	2025-02-10 14:29:15 -07:00