Prevent users from downloading harmful files

Chrome version 61 and later on.

For administrators who manage Chrome browser or Chrome OS devices for a business or school.

Equally a Chrome administrator, you can use the DownloadRestrictionspolicy to forbid users from downloading dangerous files, such as malware or infected files. Yous tin can prevent users from downloading all files or those that Google Safe Browsing identifies as dangerous. If users try downloading dangerous files, they go a security warning that they can't featherbed.

Step i: Review the policy

Policy: DownloadRestrictions

At that place are many types of download warnings within Chrome that tin can generally be categorized as follows:

  • Malicious, as flagged by the Safety Browsing server.
  • Uncommon or unwanted, as flagged past the Safe Browsing server.
  • A dangerous file type. For instance, all SWF downloads and many EXE downloads.

For more details on these categories, see Google Chrome blocks downloads.

Setting the DownloadRestrictions policy blocks different subsets of these, depending on it'south value:

  • 0—Default. No special restrictions.
  • 1—Blocks malicious files flagged by the Rubber Browsing server and blocks all unsafe file types.
    Note: We just recommend setting this policy for organization units, browsers, or users that do not regularly incorrectly place an entity, such as a file or a process, every bit malicious.
  • 2—Blocks the following files:
    • Malicious files flagged by the Safe Browsing server.
    • Uncommon or unwanted files flagged by the Safe Browsing server.
    • All dangerous file types.

    Annotation: We simply recommend setting this policy for arrangement units, browsers, or users that exercise not regularly incorrectly place an entity, such as a file or a process, as malicious.

  • three—Blocks all downloads. Non recommended, except for special use cases.
  • 4Recommended. Blocks malicious files flagged by the Prophylactic Browsing server only does not block dangerous file blazon.

Unset: Defaults to No restrictions, as described above.

What the policy restricts

These restrictions utilise to downloads that are triggered on webpages when users click a download link on the page or right-click a file and choose Salve link as.

What the policy does non restrict

The restrictions do not use when users salve a webpage past clicking File and thenSave page as, or Print and thenSave equally PDF.
For more details, see What is Safe Browsing?

Step 2: Prepare the policy

Click beneath for steps, based on how you want to manage these policies.

Admin panel

Can apply for signed-in users on any device or enrolled browsers on Windows, Mac, or Linux. For details, see Sympathise when settings utilise.

  1. From the Admin console Home page, go to Devices and then Chrome.

  2. Click Settings and then Users & browsers.
  3. To apply the setting to anybody, leave the top organizational unit of measurement selected. Otherwise, select a child organizational unit.
  4. Scroll to Chrome Condom Browsing.
  5. For Download restrictions, choose an option:
    • No special restrictions
    • Block all malicious downloads
    • Block unsafe downloads
    • Block potentially unsafe downloads
    • Block all downloads
  6. Click Relieve.

Windows

Applies to Windows  users who sign in to a managed account on Chrome browser.

Using Group Policy

In your Group Policy Management​ (Computer or User Configuration binder):

  1. Become to Policiesand then  Administrative Templates and then Googleand then  Google Chrome.
  2. Enable Permit Download Restrictions.
  3. Set an pick:
    • No special restrictions
    • Cake all malicious downloads
    • Cake unsafe downloads
    • Block potentially dangerous downloads
    • Block all downloads
  4. Deploy the policy to your users.

Mac

Applies to Mac  users who sign in to a managed account on Chrome browser.

In your Chrome configuration profile, add or update the following key and then deploy the modify to your users.

Gear up the DownloadRestrictions primal to <integer>value</integer>, where <value> is 0, 1, 2, iii, or 4.

Example lawmaking:

<key>DownloadRestrictions</key>
<dict>
<integer>1</integer>
</dict>

Linux

Applies to Linux  users who sign in to a managed account on Chrome browser.

In your preferred JSON file editor, add or update a JSON file and and so deploy the change to your users.

  1. Go to your etc/opt/chrome/policies/managed binder.
  2. Ready theDownloadRestrictions key to 0, one, ii, three, or 4.

Case code:

{
"DownloadRestrictions": "1"
}

Was this helpful?

How can we better it?