Preventing scareware with scareware blocker in Microsoft Edge

This week is all about a relatively new security feature within the Microsoft Edge browser: scareware blocker. Scareware blocker is a security feature that protects against scareware attacks. Scareware attacks are often displayed as full-screen pop-ups with all sorts of warnings claiming that the device has been compromised. The idea behind those attacks is often to frighten users into calling fraudulent support numbers or downloading harmful software. Scareware blocker can automatically detect and stop these attacks by using machine learning. This post will start with a brief introduction to scareware blocker in Microsoft Edge, followed by the steps to enable it. This post will end with an overview of the user experience.

Note: At the time of writing, scareware blocker is still a preview feature in Microsoft Edge on Windows.

Introducing scareware blocker in Microsoft Edge

When looking at the configuration of scareware blocker in Microsoft Edge, it’s good to first understand how it works and what configuration options are available. And that all starts with Microsoft Defender SmartScreen. Most users that land on a scam site in Microsoft Edge will be protected by Microsoft Defender SmartScreen, which provides real-time checks on new and unfamiliar sites. Once an abusive site is detected, SmartScreen can protect users within minutes.

Scareware blocker adds new functionality on top of that, to help protect users who are exposed to a new scam when it attempts to open a full-screen page. Scareware blocker uses a machine learning model that runs locally on the device. That model uses computer vision to compare full-screen pages to thousands of sample scams that the scam-fighting community shared with Microsoft. Importantly, the model runs locally on the device, without saving or sending images to the cloud. Cloud analysis is used to update the local model as scams adapt. Eventually, that will also result in updated site reputation in Microsoft Defender SmartScreen to block future attacks.

Scareware blocker will be off by default and can be enabled by the user. Besides that, the IT administrator has the controls for configuring the behavior within the organization. For this, there is an ADMX-backed setting available. That setting is available in the Scareware Blocker settings category and is briefly described in the table below.

| Setting | Description |
| --- | --- |
| ScarewareBlockerProtectionEnabled | This setting can be used to control whether Microsoft Edge enables the Scareware Blocker, an AI-powered feature that provides warning messages to help protect users from potential tech scams. |

Note: The described setting is an ADMX-backed setting that is backed by MSEdge.admx.

Configuring scareware blocker in Microsoft Edge

After becoming familiar with the main configuration options for scareware blocker in Microsoft Edge, it’s time to have a look at the configuration itself. The described setting for managing scareware blocker in Microsoft Edge is available within the Settings Catalog in Microsoft Intune. The Settings Catalog nowadays contains the latest settings related to Microsoft Edge. The following 8 steps can be used to enable the scareware blocker in Microsoft Edge, by using the Settings Catalog.

  1. Open the Microsoft Intune admin center portal and navigate to Devices > Windows > Configuration profiles
  2. On the Windows | Configuration profiles blade, click Create > New Policy
  3. On the Create a profile blade, select Windows 10 and later > Settings catalog and click Create
  4. On the Basics page, provide at least a unique name to distinguish it from similar profiles and click Next
  5. On the Configuration settings page, as shown below in Figure 1, perform the following actions and click Next
     • Click Add settings, navigate to Microsoft Edge > Scareware Blocker settings and select the Configure Edge Scareware Blocker Protection setting in Settings picker
     • Switch the slider to the left for the selected setting to enable scareware blocker in Microsoft Edge
  6. On the Scope tags page, configure the required scope tags and click Next
  7. On the Assignments page, configure the assignment for the required user or devices and click Next
  8. On the Review + create page, verify the configuration and click Create

Note: When the policy is not configured, scareware blocker will not warn users of potential tech scams.
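One way to confirm on a device that the policy arrived, as an added example that is not part of the original post: the PowerShell below reads the ScarewareBlockerProtectionEnabled value from the Edge policy registry keys. It assumes the ADMX-backed setting lands under SOFTWARE\Policies\Microsoft\Edge in HKLM (device assignment) or HKCU (user assignment), with 1 meaning enabled; the function name Get-ScarewareBlockerPolicy is hypothetical.

```powershell
# Added example: report whether the scareware blocker policy is present on this device.
# Assumption: the policy is stored as a DWORD under the standard Edge policy key.
$PolicyName = 'ScarewareBlockerProtectionEnabled'
$PolicyKeys = @(
    @{ Scope = 'Device'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' },
    @{ Scope = 'User';   Path = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge' }
)

function Get-ScarewareBlockerPolicy {
    foreach ($key in $PolicyKeys) {
        # Returns nothing when the key or the value does not exist.
        $item  = Get-ItemProperty -Path $key.Path -Name $PolicyName -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.$PolicyName } else { $null }

        $state = if ($null -eq $value) {
            'Not configured'
        } elseif ($value -eq 1) {
            'Enabled'
        } elseif ($value -eq 0) {
            'Disabled'
        } else {
            "Unexpected value: $value"
        }

        [pscustomobject]@{
            Scope = $key.Scope
            Path  = $key.Path
            Value = $value
            State = $state
        }
    }
}

$results = @(Get-ScarewareBlockerPolicy)
$results | Format-Table -AutoSize

# Device policy is listed first; the first configured scope is reported as effective.
$effective = $results | Where-Object { $null -ne $_.Value } | Select-Object -First 1
if ($null -eq $effective) {
    Write-Output 'Policy not configured: scareware blocker follows the default (off unless the user enables it).'
} else {
    Write-Output "Effective policy: $($effective.State) (from $($effective.Scope) scope)"
}
```

The same policy name should also be listed on the edge://policy page of the browser once the profile has applied.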

Experiencing scareware blocker in Microsoft Edge

When the configuration to enable scareware blocker is applied, it’s time to experience the configuration. The nicest option would be to show the end-user experience, but that would require a scam site. That is challenging to test. When scareware blocker suspects a page is a scam, the expected behavior is that Microsoft Edge puts the user back in control by exiting full screen mode, stopping aggressive audio playback, warning the user, and showing a thumbnail of the page they were just viewing. That is challenging to show in a screenshot. A whole lot easier is to show the applied configuration. Within the Microsoft Edge settings, the Scareware blocker setting can be found in the Privacy, search and services section (as shown below in Figure 2).

More information

For more information about scareware in Microsoft Edge, refer to the following docs.



6 thoughts on “Preventing scareware with scareware blocker in Microsoft Edge”

  1. How do we test to confirm this new security setting modification is effective and working?

    Thanks,
    Sohel

  2. Interesting feature.
    Would be nice if it also could stop the scareware using Edge’s Desktop/Website Notifications as well.
