For compliancy reasons we need to demonstrate that users downloading and then running certain file types (namely .exe) are first presented with a warning (for Cyber Essentials). The setup are Windows 10 workstations (build 2004) running Novell Zenworks (now Microfocus) and Sophos Antivirus.
Zenworks applies local policy to the workstation and both smartscreen and medium risk extensions are set. Looking in the registry after login as an unprivileged user the registry keys appear to be present in Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations
When the test exe is downloaded from the internet the stream inside the file stating that it came from the internet zone is correctly set. When the file is run no warning appears and the stream disappears from the file.
Same settings tested in an Active Directory environment and works perfectly. Does anyone know of any GPO or registry settings that conflict with attachment manager? Could this be a feature within Sophos? It feels more like Zenworks but I have no proof!
Any guidance would be great
Thanks
