Managing the Phishing Filter Group Policy Object in Windows

Phishing Filter in Internet Explorer 7 and 8

Microsoft added the Phishing Filter feature in Internet Explorer 7. Internet Explorer 8 also uses a phishing filter, but there it is called the SmartScreen Filter. The phishing filter in IE8 is enabled by default and checks the status of each URL. The phishing filter in IE7 is not enabled by default, whether IE7 is installed fresh or reached by upgrading. Similar to antivirus detection signatures, the Microsoft Phishing Filter relies on a database. This database consists of known legitimate websites; it is updated by Microsoft via Windows Update and stored locally. In addition to the local list of legitimate sites, the phishing filter in Internet Explorer contacts the Microsoft URL Reputation Service, an online service that Microsoft populates from third-party phishing data providers and from end-user reports.

If a website is included in the legitimate list, the phishing filter takes no action. If the website is not in the legitimate list, the phishing filter runs the browser-based heuristic detection or contacts the Microsoft URL Reputation Service. If either of these checks detects malicious or phishing content, the browser prevents the URL from loading and displays a warning to the end-user explaining why the page was blocked.

The Microsoft Phishing Filter and SmartScreen Filter for Internet Explorer are easy to control from within the browser, but for advanced users or administrators who want to control the computers in an office, the Group Policy Editor is the tool to use for managing the phishing filter settings.

Controlling Phishing Filter by Using Group Policy

Phishing Filter in IE7

End-users of Internet Explorer 7 and 8 can always change the settings of the Phishing Filter in IE7 or the SmartScreen Filter in IE8. The only settings available to end-users are enabling or disabling the filtering feature from the browser's Tools menu or from the Advanced tab of Internet Options.

An administrator who manages many computers in an organization or business may prefer to control the Phishing Filter or SmartScreen Filter settings for IE using the Group Policy Editor. This lets the administrator apply one phishing filter setting to all computers on the network and prevents users of those computers from modifying the setting.

The group policy object (GPO) for the Phishing Filter in IE7 is easy to manage by opening the Group Policy Editor (type gpedit.msc in the Windows Run dialog, then click OK). Navigate to User Configuration > Administrative Templates > Windows Components > Internet Explorer. In the details (right) pane, double-click “Turn off Managing Phishing filter” to start managing the Microsoft Phishing Filter in IE.

[Screenshot: Phishing Filter - Group Policy Editor]

By default, “Turn off Managing Phishing filter” is Not Configured, which means the Phishing Filter settings in IE7 may be changed from the browser by any user who has access to IE.

[Screenshot: IE7 Phishing Filter Group Policy]

Selecting “Enabled” and configuring the phishing filter mode to “Automatic” means the browser will always check a website against the Microsoft URL Reputation Service without prompting the user to check whether the site is a reported phishing site. Selecting the “Manual” phishing filter mode displays a balloon or phishing filter icon as a prompt to check the website's status with the Microsoft URL Reputation Service; note that in Manual mode the URL is still checked automatically using the local analysis and the legitimate list. If the administrator does not want any computers on the network to use the Phishing Filter, the “Off” phishing filter mode should be selected. In all three cases the end-users of the computers on the network will not be able to change the setting from the browser settings or Tools menu.

[Screenshot: Manual Phishing Filter Group Policy]

The Phishing Filter settings for IE7 applied through the Group Policy Editor cover all security zones of Internet Explorer except the “Local Intranet” zone, which is disabled or not in use by default. This is because the database the Phishing Filter uses ignores, and takes no action on, any websites, URLs or IP addresses that are listed in the legitimate list or are intranet sites.

Please note that the Phishing Filter group policy object only applies to Internet Explorer 7. If you are using IE8 or the upcoming Version 9 of Internet Explorer, the Phishing Filter group policy object does not apply; you need to use the SmartScreen Filter GPO instead:
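The steps above are performed by hand in the Group Policy Editor. The following PowerShell script is an added example, not code from the original article or from Microsoft: it audits the effective Phishing Filter (IE7) and SmartScreen Filter (IE8) state on a machine, distinguishing a policy-enforced setting (which the user cannot change in the browser) from a plain user preference, and optionally writes the same setting into a domain GPO with the RSAT GroupPolicy module. The registry key and value names (the PhishingFilter key under Software\Policies\Microsoft\Internet Explorer, the Enabled DWORD with 0/1/2 for Off/Manual/Automatic, and EnabledV8 for the SmartScreen Filter) are not stated on the page and are assumptions to be confirmed against the inetres.admx template in your environment.

```powershell
# Added example (not from the original article): audit and enforce the IE Phishing Filter
# and SmartScreen Filter policy.
#
# Assumptions (not on the page; verify against inetres.admx in your environment):
#   - "Turn off Managing Phishing filter" (IE7) writes DWORD 'Enabled' under
#     Software\Policies\Microsoft\Internet Explorer\PhishingFilter: 0 = Off, 1 = Manual, 2 = Automatic
#   - "Turn off Managing SmartScreen Filter" (IE8) writes DWORD 'EnabledV8' under the same key: 0 = Off, 1 = On
#   - The user's own browser preference lives under Software\Microsoft\Internet Explorer\PhishingFilter

$PolicySubKey = 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter'
$PrefSubKey   = 'Software\Microsoft\Internet Explorer\PhishingFilter'

$Ie7Modes = @{ 0 = 'Off'; 1 = 'Manual'; 2 = 'Automatic' }
$Ie8Modes = @{ 0 = 'Off'; 1 = 'On' }

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return [int]$item.$Name
    } catch {
        return $null
    }
}

function Get-IEPhishingFilterState {
    <#
      Reports the IE7 Phishing Filter and IE8 SmartScreen Filter state for the
      current user. Policy (HKLM, then HKCU) wins over the per-user preference,
      mirroring how Group Policy overrides browser settings; a "Not Configured"
      policy means the user preference is in effect and the user can change it.
    #>
    $sources = @(
        @{ Scope = 'Policy (Computer)'; Path = "HKLM:\$PolicySubKey" },
        @{ Scope = 'Policy (User)';     Path = "HKCU:\$PolicySubKey" },
        @{ Scope = 'User preference';   Path = "HKCU:\$PrefSubKey" }
    )
    $products = @(
        @{ Product = 'IE7 Phishing Filter';    Value = 'Enabled';   Map = $Ie7Modes },
        @{ Product = 'IE8 SmartScreen Filter'; Value = 'EnabledV8'; Map = $Ie8Modes }
    )
    foreach ($entry in $products) {
        $state = 'Not Configured'; $scope = 'none'
        foreach ($src in $sources) {
            $raw = Get-RegistryDword -Path $src.Path -Name $entry.Value
            if ($null -ne $raw) {
                $state = if ($entry.Map.ContainsKey($raw)) { $entry.Map[$raw] } else { "Unknown ($raw)" }
                $scope = $src.Scope
                break
            }
        }
        [pscustomobject]@{
            Product    = $entry.Product
            State      = $state
            Source     = $scope
            UserLocked = ($scope -like 'Policy*')   # policy-defined => greyed out in the browser UI
        }
    }
}

function Set-IEPhishingFilterGpo {
    <#
      Writes the same policy into a domain GPO so every computer in scope receives it.
      Requires the RSAT GroupPolicy module (Set-GPRegistryValue) and edit rights on the GPO.
      -Mode maps to the IE7 'Enabled' values; -SmartScreen to the IE8 'EnabledV8' value.
    #>
    param(
        [Parameter(Mandatory)][string]$GpoName,
        [ValidateSet('Off','Manual','Automatic')][string]$Mode = 'Automatic',
        [ValidateSet('Off','On')][string]$SmartScreen = 'On'
    )
    Import-Module GroupPolicy -ErrorAction Stop
    $ie7Value = @{ Off = 0; Manual = 1; Automatic = 2 }[$Mode]
    $ie8Value = @{ Off = 0; On = 1 }[$SmartScreen]
    # User Configuration half of the GPO, matching the path the article walks through.
    Set-GPRegistryValue -Name $GpoName -Key "HKCU\$PolicySubKey" -ValueName 'Enabled'   -Type DWord -Value $ie7Value | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key "HKCU\$PolicySubKey" -ValueName 'EnabledV8' -Type DWord -Value $ie8Value | Out-Null
}

# Usage: audit this machine, then (as a domain administrator) enforce Automatic/On through a GPO.
Get-IEPhishingFilterState | Format-Table -AutoSize
# Set-IEPhishingFilterGpo -GpoName 'IE Phishing Filter' -Mode 'Automatic' -SmartScreen 'On'
```

Run the audit as the user whose browser you are checking, since both the HKCU policy hive and the user preference are per-user; a result with Source set to a Policy scope and UserLocked set to True corresponds to the greyed-out option described above, while Not Configured means the browser's own Tools menu setting is in control.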

[Screenshot: SmartScreen Filter GPO for IE8 and higher]

Image credit: Screenshot taken by the author.