- Apr 9, 2018
- 220
OK. In your case WD is/was installed anyway. Seems to another option is probably responsible for MOTW enabled, available in Group Edit / Windows Component. Disabling WD probably doesn't matter. So we have different results...
[CheckLab.pl] - Test of free antivirus
- Thread starter Adrian Ścibor
- Start date
OK. In your case WD is/was installed anyway. Seems to another option is probably responsible for MOTW enabled, available in Group Edit / Windows Component. Disabling WD probably doesn't matter. So we have different results...
- Apr 9, 2018
- 220
It is probably not SmartScreen, but WD Block at First Sight feature.
Accorging to this article the Block at First Sight in Windows 10 is not really crossed with SmartScreen?
The official document signed by Microsoft also is not contain any details about SmartScreen with Block at First Sight.
Home - Microsoft Defender Testground
demo.wd.microsoft.com
To activate or deactivate Block at First Sight you have to enable/disable WD and the cloud deliver protection.
- Dec 23, 2014
- 8,593
Adrian Ścibor,
Please look at the Registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
and
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
If there is a value SaveZoneInformation = 1 (Reg_DWORD), then the MOTW will be skipped.
If this value does not exist or SaveZoneInformation = 2, then MOTW will be added.
The behavior of skipping MOTW may be also a leftover after some uninstalled security application. In Windows default settings the SaveZoneInformation value does not exist.
Please look at the Registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
and
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
If there is a value SaveZoneInformation = 1 (Reg_DWORD), then the MOTW will be skipped.
If this value does not exist or SaveZoneInformation = 2, then MOTW will be added.
The behavior of skipping MOTW may be also a leftover after some uninstalled security application. In Windows default settings the SaveZoneInformation value does not exist.
- Dec 23, 2014
- 8,593
SmartScreen is independent of BAFS and vice versa. SmartScreen can work if WD is disabled and another AV is installed, except when something will disable SmartScreen.
BAFS will not work if you will disable WD real-time protection. You do not have to disable WD.
Skipping MOTW is not related to the browser. If I recall correctly Chrome uses the IAttachmentExecute interface and FireFox adds MOTW to file by writing Alternate Data Stream directly. MOTW is skipped when the appropriate Policy is applied or can be removed by AV after the file is downloaded to avoid SmartScreen integrated with Explorer.
Last edited:
- Apr 9, 2018
- 220
The Zone settings is default as value 3 in our machines. It means that is enabled.
- Dec 23, 2014
- 8,593
WIndows Policies can be also applied by direct Registry changes and this will be not visible when using Gpedit because Group Policy Object was not used. You have to look at the appropriate Registry keys to be sure.
- Apr 9, 2018
- 220
In the registry the value is set as 3 also.
- May 16, 2018
- 1,363
Adrian, you just need to utilize Andy as an advisor for the next test.
That's all.
You guys are probably neighbors..
- Dec 23, 2014
- 8,593
This is a non-standard value, so it was written by the security application. It does not force skipping MOTW on my machine. You can try to delete this value to see what will happen.
I like to post about Windows in English.
- Mar 29, 2018
- 7,698
Gentlemen...let me ask a very simple and straightforward question - if I am using Norton internet security - NO browser extensions - to receive MOTW do I have to use MS EDGE or will MOTW show up with Chrome as well. Please keep the answer as simple as possible.
- Mar 16, 2019
- 3,868
If it is downloaded via chrome not any other download manager then it should work. Test yourself by downloading a file then check properties and if there's an unblock option then it's working.
Similar threads
