Run by Smartscreen utility

[Andy Ful]

Post updated in July 2023.

PROGRAM INFO

The application can be used on Windows 8+.
GitHub - AndyFul/Run-By-Smartscreen

Run By Smartscreen' is a very simple idea to safely open/run the new files via the option on the Explorer right-click context menu. 'Run By Smartscreen' can mark files with MOTW, so they are treated as downloaded from the Internet. This forces the SmartScreen before running the executable with MOTW. Furthermore, the popular documents marked with MOTW will be opened in 'Protected View', if the document application has such ability (like MS Office 2010+ and Adobe Acrobat Reader 10+). Many file types with unsafe extensions will be blocked when 'Run By Smartscreen' to minimize the chances of infection.​

Why the SmartScreen?
The Windows built-in SmartScreen technology is one of the best for fighting 0-day malware files.

Why 'Run By SmartScreen'?

This technology is only halfway adopted in Windows. SmartScreen for Explorer can check executables with "Mark of the Web", which is attached to files after downloading from the Internet by popular Web Browsers, Windows Store or Windows OneDrive. There are many cases when files do not have "Mark of the Web" and then, they are simply ignored by SmartScreen.​

More info:
https://github.com/AndyFul/Run-By-Smartscreen

 

[Av Gurus]

...in the User Space...which folders are that (C:\Users)?

 

[_CyberGhosT_]

Make sure to share this over at Wilders too,
if you haven't already

 

[Andy Ful]

...in the User Space...which folders are that (C:\Users)?

User Space = everything outside 'C:\Windows', 'C:\Program Files', and 'C:\Program Files (x86)' folders.

 

[Andy Ful]

Make sure to share this over at Wilders too,
if you haven't already

I'am not a member of Wilderssecurity forum, but I read it every day, and I like it very much.

 

[Av Gurus]

User Space = everything outside 'C:\Windows', 'C:\Program Files', and 'C:\Program Files (x86)' folders.

I installed that but there is no Run Smart Scan in Menu?

 

[Andy Ful]

Did you log out/log on ?

 

[Av Gurus]

Yes

 

[Andy Ful]

Sorry, I have forgotten to write that first run must be with Administrative Rights
Edited. Thanks for pointing it to me.

 

[Av Gurus]

First run of what? - Run by SmartScan or...?

 

[Wave]

...in the User Space...which folders are that (C:\Users)?

I think he was just differentiating between the protected directories (e.g. Windows folder, Program Files) to the default unprotected folders (such as Documents, Desktop, Pictures) which can be accessed from a non-elevated process.

User Space = everything outside 'C:\Windows', 'C:\Program Files', and 'C:\Program Files (x86)' folders.

Sorry, I didn't see this response before I replied to @Av Gurus... Oops!

 

[Andy Ful]

If you have 64Bit Windows, you have to copy RunBySmartscreen(x64).exe to C:\Windows and run this file with 'Run As Administrator'. After that the 'Run By Smartscreen' option should be seen in Explorer context menu.

 

[Andy Ful]

The User Space is adopted from AppGuard:
"User-space refers to the computer storage space that is typically accessible by non-admin Windows users. It contains the user's profile directory (which includes the My Documents folder and Desktop), removable storage devices, network shares, and all non-system hard drives such as additional external and internal disk drives. AppGuard will either block or protect the execution of any programs contained in user-space directories. "

 

[Av Gurus]

Now is working OK.
But, every time i click "Run by SmartScan" I have to choose app to open .exe?

 

[Wave]

The User Space is adopted from AppGuard:
"User-space refers to the computer storage space that is typically accessible by non-admin Windows users. It contains the user's profile directory (which includes the My Documents folder and Desktop), removable storage devices, network shares, and all non-system hard drives such as additional external and internal disk drives. AppGuard will either block or protect the execution of any programs contained in user-space directories. "

That explains why I am not familiar with it then, since I normally just explain that term regarding non-admin users accessing non-protected directories as opposed to using the term "User Space" for folders... Thanks

 

[Andy Ful]

Now is working OK.
But, every time i click "Run by SmartScan" I have to choose app to open .exe?

View attachment 121694 View attachment 121695 View attachment 121696 View attachment 121697

No, it is probably the side effect of running with Administrative Rights. Open Windows Explorer with Medium Rights and try 'Run By Smartscreen' again.
Sorry I misunderstood your post. Please, wait a moment.

 

[Av Gurus]

Some FP on VT...

 

[Andy Ful]

Now is working OK.
But, every time i click "Run by SmartScan" I have to choose app to open .exe?

View attachment 121694 View attachment 121695 View attachment 121696 View attachment 121697

If I understand correctly, You right click HitmanPro_64.exe, choose "Run By SmartScreen", and then the alert is shown: "You need a new app to open this .exe file".
Please check if RunBySmartscreen(x64).exe (or RunBySmartscreen(x86).exe for 32Bit) is copied to C:\Windows ?

 

[Andy Ful]

Some FP on VT...

View attachment 121698

Yes, it is a standard for utilities compiled with AutoIt, especially if they are changing important registry keys.

 

[Av Gurus]

Yes, it's on C:Windows
And HitmanPro is on C:\PortableAPP\HitmanPro