- Dec 6, 2014
This would also not work for novice users when an advanced user sets up H_C (ConfigureDefender) on their computers to prevent, by policy, bypassing SmartScreen alerts.
But this will work for "smart" users who think that they know better than SmartScreen what is safe. Anyway, most such attacks can be prevented by waiting one or two days if SmartScreen blocks something and we are pretty sure that it is safe. Other methods, like using VirusTotal or on-demand scanners, are not especially useful for 0-day malware.
Behavioral blocking and other proactive solutions do not help much in such a case. This could work for inexperienced users, when an advanced user has made the AV setup and they do not know how to bypass the protection. If the non-novice user is convinced that the program is safe, then he/she will simply ignore the alerts or will add the malware to AV exclusions.
True! The first defense against malware is the user's behavior.