Microsoft Defender SmartScreen is a formidable safety net against phishing or malware attacks when browsing the web. However, controlled environments may favor third-party software that gives them more customization options.
On that note, if you’re looking to manage security protocols, troubleshoot compatibility issues, or enforce policies for certain user groups or endpoints, this guide will showcase how you can enable or disable Microsoft Defender SmartScreen in Windows.
💡 Note: The methods in this guide apply to both Windows 10 and Windows 11. While some menu layouts or naming conventions may vary slightly between versions, the Group Policy settings, Registry keys, and PowerShell commands are functionally the same.
Methods for managing Microsoft Defender SmartScreen
For a few options in this guide, you’ll need some or all of the following requirements to complete the action.
✔️ Microsoft Defender must be enabled to update its settings.
✔️ A stable internet connection to run and update SmartScreen.
✔️ Windows 11 Pro, Enterprise, and Education editions to run Group Policy Editor.
✔️ Administrative access for Windows Registry or GPO-based configuration.
⚠️ Warning: Making unwanted changes to the Registry Editor can affect your system’s performance and stability. Learn how to back up the Windows Registry to save and restore the database when necessary.
Method 1: Enable or disable SmartScreen via the Windows Security GUI
This method is useful for one-time or user-driven configurations.
- Open Settings → Privacy & security → Windows Security → App & browser control.
- Under Reputation-based protection, click Reputation-based protection settings.
- Toggle Check apps and files On = Enabled (recommended) or Off = Disabled.
Method 2: Enable or disable SmartScreen via Group Policy (Enterprise Control)
As a reminder, GPO requires Windows 10 or 11 Pro or higher and Microsoft Defender policies to be available. This method is ideal for consistent policy enforcement across all managed systems.
- Press Win + R, type gpedit.msc, and tap OK to open Local Group Policy Editor.
- Navigate to Computer Configuration → Administrative Templates → Windows Components → File Explorer.
- Find and double-click Configure Windows Defender SmartScreen.
- Set it to Enabled if you want SmartScreen to Warn or Warn and prevent bypass when unverified programs are detected. Toggle Disabled to stop SmartScreen entirely.
- Apply changes.
For changes to immediately take effect, you may run gpupdate /force or restart the system. Here’s a guide for forcing a Group Policy Update remotely.
Method 3: Enable or disable SmartScreen via Registry (per user or system-wide)
- Press Win + R, type regedit in the dialog box, and tap OK to open the Registry Editor.
- Navigate or paste the following path to the Registry address bar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer - Modify or create a SmartScreenEnabled 32-bit DWORD value.
- Double-click it and set the Value data to:
- “RequireAdmin” = Warn
- “Warn” = Prompt without admin
- “Off” = Disable
- Close the Registry Editor.
You may also modify the Registry by running an equivalent PowerShell command:
Set-ItemProperty -Path
“HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer” -Name
“SmartScreenEnabled” -Value “Warn”
Check out the guide if you need a refresher or an overview of PowerShell.
Method 4: Validate SmartScreen state via PowerShell
Use this command to query SmartScreen configuration using PowerShell:
Get-MpPreference | Select-Object SmartScreenForExplorer.
Then to enable SmartScreen run :
Set-MpPreference -SmartScreenForExplorer Enabled
or
Set-MpPreference -SmartScreenForExplorer Disabled to disable it.
🥷 Note: These cmdlets apply Windows Defender preferences and may require Defender’s core services to run as intended.
Additional considerations when configuring SmartScreen settings
Here are some additional actions to review or complement your updated Windows Defender SmartScreen preferences.
Check event logs
You can use the Event Viewer to review the list of restricted items by SmartScreen. Just navigate to Applications and Services Logs → Microsoft → Windows → SmartScreen to track related actions.
Third-Party AV impact
Some third-party antivirus solutions may disable SmartScreen by default to avoid compatibility issues. After installing a new antivirus software, you can check the active SmartScreen configuration via PowerShell.
Consider alternative policies
If you choose to disable SmartScreen, consider using AppLocker or Windows Defender Application Control (WDAC) policies as alternative security protocols.
Quick-Start Guide
NinjaOne provides script capabilities that could be used to modify SmartScreen settings. You could create a PowerShell or registry script to:
– Enable/disable SmartScreen: Configure SmartScreen check settings for apps and files from the web
If you need specific configuration, I recommend:
– Consulting with a NinjaOne support representative
– Creating a custom script to modify the relevant registry keys
– Using Group Policy management through NinjaOne’s policy tools
SmartScreen settings for managed environments
Enabling SmartScreen is recommended to help filter out malicious programs and malware attacks on Windows devices. However, there are also instances where it needs to be disabled in favor of more comprehensive security protocols.
As an example, some antivirus or anti-malware programs require SmartScreen to be switched off to avoid compatibility issues. With that said, check out this expertly compiled list of the best malware protection solutions for controlled environments.
