Run by Smartscreen utility

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Yes, you copied the whole directory to C:\Windows :)
Copy only the executable RunBySmartscreen(x64).exe .
I must make the installation info more clear.:)
 
Last edited:
  • Like
Reactions: Dirk41 and Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Now it's OK, tnx

For some portable program I don't get UAC prompt, is this OK or...?
Example: Sumatra pdf, SUMO, VLC...
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Now it's OK, tnx

For some portable program I don't get UAC prompt, is this OK or...?
Example: Sumatra pdf, SUMO, VLC...

Yes, 'Run by Smartscreen' runs the executable file with Medium Rights, for security reasons. You can see the UAC alert, if the executable asks for elevation.
I have a special version to work with SRP, that runs files with Administrative Rights, but that version is one element of wider hardening project for Windows Home.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
'Run By Smartscreen' new beta version released.

In the new version the write access check is added, to avoid running files without SmartScreen check, if the program could not successfully add 'Mark of the Web' (ACL or another write access restrictions).
If so, the program shows the message:
Write access error. The 'Mark of the Web' was skipped. The file cannot be 'Run By Smartscreen'.

I do not know if this is the best solution. The second one is to copy the file to TEMP folder, add 'Mark of the Web' to it, and then execute.

If actual solution will be inconvenient, then let me know, please.;)

GitHub - AndyFul/Run-By-Smartscreen
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Today I had an example how Windows Defender Heuristics work. I tested a new version of 'Run By Smartscreen' that threw in a short time several files to check. The great deal of them was not recognized as safe by SmartScreen filter. Among them were some not signed, legitimate system files copied from C:\Windows\System32 to C:\z\ folder (mshta.exe, hh.exe, mmc.exe, control.exe, wscript.exe). Suddenly I saw the Defender alert, that it found a malware (trojan). After that in quarantine landed RunBySmartscreen(x64).exe . In this way I created my first trojan, and successfully infected my own computer.:)
So now, I have to test 'Run By Smartscreen' with disabled Windows Defender to not make it nervous.
 
Last edited:

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
When this is installed, can be removed from the C:\Windows?
yes, but you have to deselect the option to have it in the Right Click Menu, then delete the folder and the exe from C: Windows.
He explains how to do this very clearly in the first post or on the homepage. ;)
If your asking if you can remove the exe from C/Windows after install why would you ?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I thought when it is added in Right Click Menu that files no longer needed, I tried to delete it but then no longer works.
The answer is NO.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
I thought when it is added in Right Click Menu that files no longer needed, I tried to delete it but then no longer works.
The answer is NO.

You are right. The 'Run By Smartscreen' option in Explorer context menu (manged by the Registry key HKEY_CLASSES_ROOT*\shell\Run By SmartScreen) is like a shortcut to RunBySmartscreen(...).exe

I was editing the Install/Uninstall instructions several times, but if something is unclear or missing, then let me know, please. I'm not a native English speaker.:(
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
You are right. The 'Run By Smartscreen' option in Explorer context menu (manged by the Registry key HKEY_CLASSES_ROOT*\shell\Run By SmartScreen) is like a shortcut to RunBySmartscreen(...).exe

I was editing the Install/Uninstall instructions several times, but if something is unclear or missing, then let me know, please. I'm not a native English speaker.:(
I would just add a foot note in the .txt that you can delete the folder after install ;)
It would eliminate a lot of confusion and uncertainty.
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
New version of RunBySmartscreen has been released (1.0.3).

From version 1.0.3 the program is prepared to help inexperienced users to open all new files. If the user tries to open the file with "Run By SmartScreen" the program works as enumerated below:

1. Files located in the System Space (= inside C:\Windows, C:\Program Files, C:\Program Files (x86)) are opened
normally, without SmartScreen check.
2. Files located in the User Space (= outside C:\Windows, C:\Program Files, C:\Program Files (x86) ) with
somewhat dangerous extensions (not supported by SmartScreen), are not allowed to open, and the program
shows an alert (similar to Software Restriction Policies).
3. The executables located in the User Space are checked by SmartScreen before the run.
4. Other files (media, photos, documents, etc.) are opened normally, without SmartScreen check.

The program has hard-coded list of dangerous extensions (not supported by SmartScreen App Reputation on run):
WSH, WSF, WSC, WS, VBS, VB, URL, SHS, SCT, REG, PS1, PIF, PCD, MST, MSP, MSC, MDE, MDB, JS, JAR, ISP, INS, INF, HTA, HLP, CRT, CHM, BAS, ADP, ADE.

GitHub - AndyFul/Run-By-Smartscreen
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top