Forestall users from downloading harmful files

Chrome version 61 and later.

For administrators who manage Chrome browser or Chrome Os devices for a business or school.

As a Chrome ambassador, y'all can employ the DownloadRestrictionspolicy to prevent users from downloading dangerous files, such as malware or infected files. You lot can forestall users from downloading all files or those that Google Safe Browsing identifies as unsafe. If users try downloading dangerous files, they get a security alarm that they tin't bypass.

Step 1: Review the policy

Policy: DownloadRestrictions

There are many types of download warnings within Chrome that can generally be categorized as follows:

  • Malicious, equally flagged by the Safe Browsing server.
  • Uncommon or unwanted, as flagged by the Safe Browsing server.
  • A unsafe file type. For example, all SWF downloads and many EXE downloads.

For more details on these categories, run into Google Chrome blocks downloads.

Setting the DownloadRestrictions policy blocks different subsets of these, depending on it'south value:

  • 0—Default. No special restrictions.
  • 1—Blocks malicious files flagged by the Safe Browsing server and blocks all dangerous file types.
    Annotation: We only recommend setting this policy for system units, browsers, or users that do not regularly incorrectly identify an entity, such every bit a file or a process, equally malicious.
  • ii—Blocks the following files:
    • Malicious files flagged by the Safe Browsing server.
    • Uncommon or unwanted files flagged by the Safe Browsing server.
    • All unsafe file types.

    Notation: Nosotros but recommend setting this policy for organization units, browsers, or users that practice not regularly incorrectly identify an entity, such as a file or a process, every bit malicious.

  • 3—Blocks all downloads. Not recommended, except for special apply cases.
  • fourRecommended. Blocks malicious files flagged by the Safe Browsing server merely does not block dangerous file type.

Unset: Defaults to No restrictions, as described higher up.

What the policy restricts

These restrictions employ to downloads that are triggered on webpages when users click a download link on the page or right-click a file and choose Save link as.

What the policy does not restrict

The restrictions practice not apply when users relieve a webpage past clicking File and thenSave page every bit, or Print and thenSave as PDF.
For more details, see What is Safe Browsing?

Step 2: Set the policy

Click beneath for steps, based on how you want to manage these policies.

Admin console

Can apply for signed-in users on any device or enrolled browsers on Windows, Mac, or Linux. For details, see Understand when settings utilize.

  2. From the Admin panel Habitation folio, become to Devices and then Chrome.

  3. Click Settings and then Users & browsers.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  5. Scroll to Chrome Safe Browsing.
  6. For Download restrictions, cull an option:
    • No special restrictions
    • Block all malicious downloads
    • Block dangerous downloads
    • Block potentially dangerous downloads
    • Block all downloads
  7. Click Save.

Windows

Applies to Windows  users who sign in to a managed business relationship on Chrome browser.

Using Group Policy

In your Group Policy Management​ (Computer or User Configuration folder):

  1. Get to Policiesand then  Administrative Templates and then Googleand then  Google Chrome.
  2. Enable Allow Download Restrictions.
  3. Gear up an option:
    • No special restrictions
    • Block all malicious downloads
    • Cake dangerous downloads
    • Cake potentially unsafe downloads
    • Block all downloads
  4. Deploy the policy to your users.

Mac

Applies to Mac  users who sign in to a managed account on Chrome browser.

In your Chrome configuration profile, add or update the post-obit key and then deploy the change to your users.

Set the DownloadRestrictions key to <integer>value</integer>, where <value> is 0, 1, 2, 3, or 4.

Instance code:

<key>DownloadRestrictions</key>
<dict>
<integer>1</integer>
</dict>

Linux

Applies to Linux  users who sign in to a managed account on Chrome browser.

In your preferred JSON file editor, add or update a JSON file and then deploy the change to your users.

  1. Get to your etc/opt/chrome/policies/managed folder.
  2. Prepare theDownloadRestrictions key to 0, one, two, 3, or 4.

Instance code:

{
"DownloadRestrictions": "1"
}

Was this helpful?

How can we improve it?