​​​​A timeline of consent and control

In October we announced some changes to our BrowserModifier detection criteria. These changes were designed to keep a user in charge of their web browsers through consent and control. Since the changes were announced we have been working with software developers to align their programs with our criteria.

To provide more clarity, we are sharing our timeline for compliance. This blog sets an enforcement timetable and further clarifies our detection criteria.


Our objective criteria states that a program should not:

  • Prevent or limit users from viewing or modifying browser features or settings.

Preventing control

Enforcement date: Immediate

The most common violations of this criteria are programs that disable browser extension controls. Some do this by disabling the controls in the Manage Add-ons dialog.

Extension control removed

Figure 1: Internet Explorer extension control removed

In Figure 1, the user should be able to disable this extension but their control has been removed.

Another way user control over a web browser is prevented is by the removal of proxy control.

Proxy control removed

Figure 2: Proxy control removed in Internet Explorer

In Figure 2, a user should be able turn off the proxy control.

These are not the only examples of programs preventing user browser control that we have seen. Nor are they the only two that we will enforce.

It has been six weeks since we changed our detection criteria to include behavior that impacts a user’s web browser control. We are now enforcing these new criteria in all our antimalware products.

Limiting control

Enforcement date: 1 January, 2015

Programs that limit a user’s ability to choose their default search provider will also be detected. This could be through additional questioning when a user tries to change their default search provider.

settings change blocker

Figure 3: Examples of a settings change blocker

Internet Explorer confirmation dialog box

Figure 4: Internet Explorer confirmation dialog box

Internet Explorer confirmation dialog box

Figure 5: Program discouraging a user from changing their default search settings

From 1 January, 2015 we will detect behavior that limits a user’s ability to choose their default search provider.

Programs should also not limit the user’s ability to change their default home page by adding additional questioning for the user.

Internet Explorer confirmation dialog box

Figure 6: Program discouraging a user from changing their home page settings

From 1 January, 2015 we will detect behavior that limits a user’s ability to choose their home page.


Enforcement Date: 1 January, 2015

Our objective criteria states that a program should not:

  • Circumvent user consent dialogs from the browser or operating system.

This policy concerns the disabled-by-default model adopted by most web browsers. We will detect and block programs that bypass a browser’s built-in consent-to-enable feature. We will also detect and block programs that install themselves in a way that circumvents the browser’s consent dialog box from showing.

acceptable prompt

Figure 7: Contoso Toolbar “Enable” prompt

Similarly, programs should not bypass or try to supress any other of the browser’s built in protection dialogs. As an example programs should not bypass Internet Explorer’s default search permission dialog.

acceptable prompt

Figure 8: An acceptable browser prompt

From 1 January, 2015 programs that interfere with a web browser’s consent-to-enable feature will be detected by Microsoft Security Products.


If you have specific questions about your program and whether it complies with these criteria please contact us through our Developer Contact Form.

Michael Johnson

Comments (7)

  1. adwbust says:

    Regarding the disabled-by-default model, in my experience most users ignore the action bar. Make it more visible or obvious? I know in IE 11, the action bar now blinks and changes color. Or was that the file download prompt/bar? Is visibility same in IE
    9, 10? Also, if the user ignores the action bar that asks to enable recently installed addon, will the user be notified again on next open of IE or will addon be auto-disabled then?

    I guess bundle authors will again try to circumvent your new criteria. They might give alerts that bundled (fake) java/flashplayer/etc will not work or whatever snakeoil/crap free bundle license is invalid (per EULA) because addon has been disabled. They'll
    enforce enabling of the addons through scare tactics or deception that they're required for protection/safety/games/services/by EULA/free license/activation/usage/etc. Ugh.

    Before, addons use searchprotect to prevent disabling/removal/uninstall. I don't even know if MSE detects it now as part of the adware/browser modifier. I guess now they'll change searchprotect functionality to watchdog in order to monitor and know if addon
    was disabled and bombard alerts utilizing scare tactics and deception. MMPC your criteria should be proactive not reactive!

    You're now detecting refog monitor. What took you so long? Now, when will you add generic behavior signatures for loggers (commericial + free)?

  2. adwbust says:

    Why isn't MSE listed together with those that got Advanced rating? Please make remediation and removal better; it's Microsoft's OS hence you should know the innards better.


  3. Gavin says:

    Will these changes be distributed through Windows Update or when Windows Defender goes to update its antispyware definitions?

  4. Dave says:

    What about the toolbars that do not allow you to delete them

  5. adwbust says:

    @Dave if you have a sample of a toolbar that does that, submit it to MMPC. Any addon that disables browser addon controls will be detected as enforcement for that criteria is immediate.

    @Gavin MMPC is giving time for rogue devs to think of ways to circumvent the criteria. Haha. Seriously, devs are being given time to modify their addons or be detected next year. Protection will be delivered through signatures. If you have a sample that hits
    a criteria with immediate enforcement, submit it.

  6. Ishram says:

    Why is Microsoft complaining about these "Browser Search Protectors" when they FUND THE WORST SEARCH PROTECTOR – CONDUIT, TROVI, PERION… THEY SET EVERYTHING TO BING SEARCH!!!!

  7. adwbust says:

    MSE is still not faring well against ad/spy threats. Don't you think it's better to release an ads/spy tool ala MSRT delivered via Windows updates instead of bloating MSE's antimalware signatures? Bloated sig file database would mean MSE (guard) using
    more RAM and cpu power ~ heavy on system.

    Or how about using Smartscreen to filter malicious items in IE addons windows and Add/remove programs (uninstall list). Maybe include filtering/auditing for Firefox and Chrome addons too. That's why I'm saying integrate Smartscreen cloud to Windows 10. That
    includes UAC contacting Smartscreen cloud for executable prompt. Please listen Windows 10 devs.