Can I block ALL file downloads in Chrome?

Chrome uses Windows Attachment Manager for handling downloads. Its KB article describes its Group Policy settings, but I’m not sure that any of those directly allows blocking of all downloads.

What you can do, however, is use IE’s URL Security Zones to block downloads by setting the policy to “disallow” for the URL Actions URLACTION_SHELL_EXECUTE_HIGHRISK, URLACTION_SHELL_EXECUTE_MODRISK and URLACTION_SHELL_EXECUTE_LOWRISK.

IE only exposes a GUI for the “high risk” category, which is the security setting “Launching programs and unsafe files”. The others can be set programatically using IInternetZoneManager::​SetZoneActionPolicy() or by setting the corresponding values directly in the Registry under Software\​Microsoft\Windows\​CurrentVersion\​Internet Settings\​Zones\n (where n is a zone number; 0–4 correspond to “Computer”, “Local intranet”, “Trusted sites”, “Internet” and “Untrusted sites” respectively.) The three action value names are 1806, 1807 and 1808, and the setting for “disallow” is 3.

(Chrome has slightly strange behaviour in that files are actually downloaded to temporary .crdownload files, then immediately deleted when Attachment Manager blocks the attempt to save them. At least it appears that the block can’t be subverted by removing delete permissions from the download directory...)