Prevent users from downloading harmful files

Chrome version 61 and later.

For administrators who manage Chrome browser or Chrome OS devices for a business organisation or schoolhouse.

Every bit a Chrome ambassador, you lot can utilize the DownloadRestrictionspolicy to prevent users from downloading dangerous files, such every bit malware or infected files. You lot can preclude users from downloading all files or those that Google Safe Browsing identifies as dangerous. If users try downloading dangerous files, they become a security warning that they tin can't bypass.

Step 1: Review the policy

Policy: DownloadRestrictions

There are many types of download warnings inside Chrome that can more often than not be categorized as follows:

  • Malicious, as flagged by the Prophylactic Browsing server.
  • Uncommon or unwanted, as flagged past the Safe Browsing server.
  • A dangerous file type. For example, all SWF downloads and many EXE downloads.

For more details on these categories, see Google Chrome blocks downloads.

Setting the DownloadRestrictions policy blocks different subsets of these, depending on information technology'south value:

  • 0—Default. No special restrictions.
  • 1—Blocks malicious files flagged by the Safe Browsing server and blocks all dangerous file types.
    Note: We only recommend setting this policy for arrangement units, browsers, or users that practice not regularly incorrectly identify an entity, such as a file or a procedure, every bit malicious.
  • 2—Blocks the post-obit files:
    • Malicious files flagged past the Safe Browsing server.
    • Uncommon or unwanted files flagged by the Safe Browsing server.
    • All dangerous file types.

    Note: Nosotros only recommend setting this policy for organization units, browsers, or users that do not regularly incorrectly place an entity, such every bit a file or a process, as malicious.

  • 3—Blocks all downloads. Not recommended, except for special utilise cases.
  • 4Recommended. Blocks malicious files flagged past the Safe Browsing server but does not cake unsafe file type.

Unset: Defaults to No restrictions, as described above.

What the policy restricts

These restrictions use to downloads that are triggered on webpages when users click a download link on the page or correct-click a file and choose Relieve link as.

What the policy does non restrict

The restrictions do non apply when users save a webpage by clicking File and thenSalve folio equally, or Print and thenRelieve equally PDF.
For more details, run across What is Safe Browsing?

Pace 2: Fix the policy

Click below for steps, based on how you want to manage these policies.

Admin console

Can utilize for signed-in users on any device or enrolled browsers on Windows, Mac, or Linux. For details, see Empathize when settings apply.

  2. From the Admin panel Home page, go to Devices and then Chrome.

  3. Click Settings and then Users & browsers.
  4. To employ the setting to everyone, go out the top organizational unit selected. Otherwise, select a kid organizational unit.
  5. Scroll to Chrome Safe Browsing.
  6. For Download restrictions, cull an option:
    • No special restrictions
    • Block all malicious downloads
    • Cake dangerous downloads
    • Block potentially dangerous downloads
    • Block all downloads
  7. Click Save.

Windows

Applies to Windows  users who sign in to a managed account on Chrome browser.

Using Group Policy

In your Group Policy Management​ (Computer or User Configuration binder):

  1. Get to Policiesand then  Administrative Templates and then Googleand then  Google Chrome.
  2. Enable Allow Download Restrictions.
  3. Prepare an option:
    • No special restrictions
    • Cake all malicious downloads
    • Block dangerous downloads
    • Cake potentially unsafe downloads
    • Block all downloads
  4. Deploy the policy to your users.

Mac

Applies to Mac  users who sign in to a managed account on Chrome browser.

In your Chrome configuration profile, add or update the post-obit fundamental and so deploy the modify to your users.

Set the DownloadRestrictions key to <integer>value</integer>, where <value> is 0, 1, two, three, or 4.

Example code:

<key>DownloadRestrictions</fundamental>
<dict>
<integer>i</integer>
</dict>

Linux

Applies to Linux  users who sign in to a managed account on Chrome browser.

In your preferred JSON file editor, add or update a JSON file and then deploy the change to your users.

  1. Go to your etc/opt/chrome/policies/managed folder.
  2. Set theDownloadRestrictions key to 0, i, 2, 3, or iv.

Example code:

{
"DownloadRestrictions": "1"
}

Was this helpful?

How tin can we improve it?