Prevent users from downloading harmful files

Chrome version 61 and later.

Applies to managed Chrome Browsers on Windows, Mac, and Linux.

As a Chrome administrator, you can use the DownloadRestrictions policy to prevent users from downloading dangerous files, such as malware or infected files. You can prevent users from downloading all files or those that Google Safe Browsing identifies as dangerous. If users try downloading dangerous files, Safe Browsingshows them a security warning that they can’t bypass.

Step 1: Review the policy

Policy: DownloadRestrictions

Prevents users from bypassing Safe Browsing security warnings to download dangerous files. Or, prevents all downloads.

Set this policy with one of the following values:

  • 0 - No restrictions: All downloads are allowed. Users still receive warnings about sites identified as dangerous by Safe Browsing. But, they can bypass the warning and access the site.
  • 1 - Block dangerous downloads: All downloads are allowed, except those marked with Safe Browsing warnings of dangerous downloads.
  • 2 - Block potentially dangerous downloads: All downloads are allowed, except those marked with Safe Browsing warnings of potentially dangerous downloads.
  • 3 - Block all downloads: No downloads are allowed.

Unset: Defaults to No restrictions, as described above.

What the policy restricts

Setting this policy restricts downloads that are triggered on webpages when users click a download link on the page or right-click a file and choose Save link as.

However, restrictions do not apply when users save a webpage by clicking File and then Save page as, or Print and then Save as PDF.

Step 2: Set the policy

Click below for steps, based on how you want to manage these policies.

Windows
Applies to Windows users who sign in to a managed account on Chrome Browser.

Using Group Policy 

In your Microsoft Windows Group Policy Editor (Computer or User Configuration folder):
  1. Go to Policies and then Administrative Templates and then Google and then Google Chrome.
  2. Enable Allow Download Restrictions.
  3. Set an option:
    • Block all downloads
    • Block all dangerous downloads
    • Block potentially dangerous downloads
    • No special restrictions
  4. Deploy the policy to your users.
Mac
Applies to Mac users who sign in to a managed account on Chrome Browser.

In your Chrome configuration profile, add or update the following key and then deploy the change to your users.

Set the DownloadRestrictions key to <integer>value</integer>, where <value> is 0, 1, 2, or 3.

Example code:

<key>DownloadRestrictions</key>
  <dict>
  <integer>1</integer>
</dict>

Linux
Applies to Linux users who sign in to a managed account on Chrome Browser.

In your preferred JSON file editor, add or update a JSON file and then deploy the change to your users.

  1. Go to your etc/opt/chrome/policies/managed folder.
  2. Set the DownloadRestrictions key to 0, 12, or 3.
     

Example code:

{
"DownloadRestrictions": "1"
}

 

Was this article helpful?
How can we improve it?