Prevent users from downloading harmful files

Chrome version 61 and later.

For administrators who manage Chrome browser or Chrome OS devices for a business organisation or school.

As a Chrome administrator, you can apply the DownloadRestrictionspolicy to forbid users from downloading dangerous files, such every bit malware or infected files. You tin forestall users from downloading all files or those that Google Safe Browsing identifies as dangerous. If users try downloading unsafe files, they get a security warning that they tin can't bypass.

Step one: Review the policy

Policy: DownloadRestrictions

There are many types of download warnings within Chrome that can more often than not be categorized as follows:

  • Malicious, as flagged by the Safe Browsing server.
  • Uncommon or unwanted, as flagged past the Safe Browsing server.
  • A dangerous file type. For example, all SWF downloads and many EXE downloads.

For more details on these categories, see Google Chrome blocks downloads.

Setting the DownloadRestrictions policy blocks unlike subsets of these, depending on it's value:

  • 0—Default. No special restrictions.
  • one—Blocks malicious files flagged past the Condom Browsing server and blocks all dangerous file types.
    Note: We merely recommend setting this policy for organization units, browsers, or users that exercise non regularly incorrectly place an entity, such as a file or a process, as malicious.
  • 2—Blocks the following files:
    • Malicious files flagged by the Safe Browsing server.
    • Uncommon or unwanted files flagged by the Safe Browsing server.
    • All dangerous file types.

    Note: We only recommend setting this policy for organization units, browsers, or users that practice not regularly incorrectly identify an entity, such equally a file or a process, as malicious.

  • 3—Blocks all downloads. Not recommended, except for special use cases.
  • 4Recommended. Blocks malicious files flagged by the Safe Browsing server simply does non block dangerous file type.

Unset: Defaults to No restrictions, as described above.

What the policy restricts

These restrictions apply to downloads that are triggered on webpages when users click a download link on the folio or correct-click a file and choose Save link as.

What the policy does not restrict

The restrictions do not apply when users salvage a webpage past clicking File and thenSave page as, or Print and thenSave as PDF.
For more details, see What is Safe Browsing?

Step 2: Set the policy

Click below for steps, based on how you lot want to manage these policies.

Admin console

Can apply for signed-in users on any device or enrolled browsers on Windows, Mac, or Linux. For details, encounter Empathise when settings use.

  2. From the Admin console Habitation page, become to Devices and then Chrome.

  3. Click Settings and then Users & browsers.
  4. To apply the setting to everyone, go out the top organizational unit selected. Otherwise, select a kid organizational unit.
  5. Scroll to Chrome Prophylactic Browsing.
  6. For Download restrictions, choose an choice:
    • No special restrictions
    • Block all malicious downloads
    • Block dangerous downloads
    • Block potentially unsafe downloads
    • Block all downloads
  7. Click Save.

Windows

Applies to Windows  users who sign in to a managed business relationship on Chrome browser.

Using Group Policy

In your Group Policy Management​ (Computer or User Configuration folder):

  1. Go to Policiesand then  Administrative Templates and then Googleand then  Google Chrome.
  2. Enable Permit Download Restrictions.
  3. Fix an pick:
    • No special restrictions
    • Block all malicious downloads
    • Block dangerous downloads
    • Cake potentially dangerous downloads
    • Block all downloads
  4. Deploy the policy to your users.

Mac

Applies to Mac  users who sign in to a managed account on Chrome browser.

In your Chrome configuration contour, add or update the following key and so deploy the alter to your users.

Set the DownloadRestrictions central to <integer>value</integer>, where <value> is 0, ane, 2, 3, or 4.

Example code:

<central>DownloadRestrictions</fundamental>
<dict>
<integer>one</integer>
</dict>

Linux

Applies to Linux  users who sign in to a managed business relationship on Chrome browser.

In your preferred JSON file editor, add together or update a JSON file and then deploy the modify to your users.

  1. Go to your etc/opt/chrome/policies/managed folder.
  2. Prepare theDownloadRestrictions key to 0, i, two, iii, or 4.

Instance code:

{
"DownloadRestrictions": "i"
}

Was this helpful?

How tin we meliorate it?