[German]After the update to Microsoft Edge 103.0.1264.44 has been released on June 30, 2022, I got reports from users, increasingly noticing that temporary download remnants (.crdownload files) remain in the download folder after downloads (e.g. of .exe and .msi files, but also other files). But I found first reports for Edge 100 too.
Advertising
Edge 103.0.1264.44
Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.44 as of June 30, 2022. It is a maintenance update that fixes the Elevation of Privilege vulnerability CVE-2022-33680 (sandbox escape), which is rated critical. I had reported in the blog post Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022) that this browser update also fixes the Chrome bug reported in the German blog post Edge Stable 103.0.1264.37 macht Gruppenrichtlinien kaputt (Chrome-Bug). Unfortunately, it seems, that there is now a download bug.
.crdownload files remains
Shortly after the publication of the German post Microsoft Edge 103.0.1264.44 fixt CVE-2022-33680 (30. Juni 2022), blog readers already came forward and reported download problems. MOM20xx wrote (I've translated the German comments):
oh yes also this version messes up downloads again
Since the last major release I am left with files with names starting "Not confirmed …" and size 0 on all machines after a download – in addition to the actual download. I think I have read something about this at deskmodder too
Blog reader Carsten confirms these problems:
I can confirm this at least on Win11 Insider and Win11 Business (both without Edge Policies) for the download of .exe and .msi files. On Server 2016 with "Block malicious downloads and dangerous file types" as Download Restriction in the GPO this does not happen.
Is there any info anywhere on what MS changed functionally in the Edge release other than the info on CVEs?
German blog reader Bernie has thankfully provided me with some screenshots. In the following screenshot, you can see the download of the Microsoft Edge MSI version. The Edge reports that the download is available and offers the button to access the download folder.
Advertising
However, when looking into the opened download folder, the user gets a surprise, as can be seen in the screenshot below. The required download is indeed present (here the MicrosoftEdgeEnterpriseX64.msi).
But there is an empty file Not confirmed xxxxx.crdownload with a size of 0 KB. This is the temporary file used by Chromium browsers for caching the download. Only when all segments of the download have been successfully submitted by the download manager, the browser copies the result under the name of the destination file (here the .msi file). At the same time, the old .crdownload file is deleted in the subsequent step, since it is no longer needed. However, this step no longer works in Microsoft Edge 103.0.1264.44, so the download folder is cluttered with temporary download files of size 0.
Bernie was kind enough to post a link to this discussion at German site Dr. Windows. There are user reports on Edge 103.0.1264.37 with this problem too. There you can find the statement that the temporary remnants are left behind for all file types when downloading. Here in the blog, there is mainly the reference to .exe and .msi files in the comments.
Researching on the internet, this bug has been coming up in requests for quite some time (e.g. on reddit.com here and here). On Techcommunity there is this older discussion from April 2022 about the Edge 100, where this has also been observed.
This indicates that the Edge browser cannot successfully go through all the states during the download, from downloading the file fragments, through the antivirus scan to copy the result to the destination file, to deleting the temporary .crdownload file. The last step fails, possibly because the .crdownload file is locked.
First guess on my part would be that a third-party antivirus solution is blocking the download for deletion. But on Dr. Windows here and here there is a hint to click Discard in the App & Browser Control section of the Windows Security Center. Then in Reliability Based Protection is the item:
- SmartScreen for MS Edge to be disabled and
- the option Potentially unwanted apps are blocked shall be activated
This signals that the problem is in the on-board Windows/Edge protection mechanisms. The deactivation should be considered carefully for security reasons. Currently, the only thing to do is to wait for a fix from Microsoft – individual users have reported the bug via the Edge feedback function – whether that is read, I don't know. In any case, I'll try to report the English-language post to Microsoft (done on Twitter).
Similar articles
Microsoft Edge 102.0.1245.30 has issues with PDF printing
Edge 102.0.1245.30 ff.: "Hardware enforced stack protection" prevents startup
Edge Stable 103.0.1264.37 macht Gruppenrichtlinien kaputt (Chrome-Bug)
Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022)
Advertising