Run by Smartscreen utility

[Andy Ful]

Yes, you copied the whole directory to C:\Windows
Copy only the executable RunBySmartscreen(x64).exe .
I must make the installation info more clear.

 

[Av Gurus]

Now it's OK, tnx

For some portable program I don't get UAC prompt, is this OK or...?
Example: Sumatra pdf, SUMO, VLC...

 

[askmark]

A useful tool. Thanks for sharing.

 

[Andy Ful]

Now it's OK, tnx

For some portable program I don't get UAC prompt, is this OK or...?
Example: Sumatra pdf, SUMO, VLC...

Yes, 'Run by Smartscreen' runs the executable file with Medium Rights, for security reasons. You can see the UAC alert, if the executable asks for elevation.
I have a special version to work with SRP, that runs files with Administrative Rights, but that version is one element of wider hardening project for Windows Home.

 

[Andy Ful]

A useful tool. Thanks for sharing.

You are welcome

 

[Andy Ful]

'Run By Smartscreen' new beta version released.

In the new version the write access check is added, to avoid running files without SmartScreen check, if the program could not successfully add 'Mark of the Web' (ACL or another write access restrictions).
If so, the program shows the message:
Write access error. The 'Mark of the Web' was skipped. The file cannot be 'Run By Smartscreen'.

I do not know if this is the best solution. The second one is to copy the file to TEMP folder, add 'Mark of the Web' to it, and then execute.

If actual solution will be inconvenient, then let me know, please.

GitHub - AndyFul/Run-By-Smartscreen

 

[Andy Ful]

Today I had an example how Windows Defender Heuristics work. I tested a new version of 'Run By Smartscreen' that threw in a short time several files to check. The great deal of them was not recognized as safe by SmartScreen filter. Among them were some not signed, legitimate system files copied from C:\Windows\System32 to C:\z\ folder (mshta.exe, hh.exe, mmc.exe, control.exe, wscript.exe). Suddenly I saw the Defender alert, that it found a malware (trojan). After that in quarantine landed RunBySmartscreen(x64).exe . In this way I created my first trojan, and successfully infected my own computer.
So now, I have to test 'Run By Smartscreen' with disabled Windows Defender to not make it nervous.

 

[ZeroDay]

Thank you for this Andy Ful

 

[Andy Ful]

Thanks. It is fun for me.

 

[Av Gurus]

When this is installed, can be removed from the C:\Windows?

 

[_CyberGhosT_]

When this is installed, can be removed from the C:\Windows?

yes, but you have to deselect the option to have it in the Right Click Menu, then delete the folder and the exe from C: Windows.
He explains how to do this very clearly in the first post or on the homepage.
If your asking if you can remove the exe from C/Windows after install why would you ?

 

[Av Gurus]

I thought when it is added in Right Click Menu that files no longer needed, I tried to delete it but then no longer works.
The answer is NO.

 

[_CyberGhosT_]

I thought when it is added in Right Click Menu that files no longer needed, I tried to delete it but then no longer works.
The answer is NO.

He's not very clear on where to put the "folder" after install though, where did you put it ?

 

[Av Gurus]

You don't need folder just .exe.
If you have x86/x64 bit OS, copy one of that file in C:\Windows, run as Admin and that is done.

 

[Andy Ful]

I thought when it is added in Right Click Menu that files no longer needed, I tried to delete it but then no longer works.
The answer is NO.

You are right. The 'Run By Smartscreen' option in Explorer context menu (manged by the Registry key HKEY_CLASSES_ROOT*\shell\Run By SmartScreen) is like a shortcut to RunBySmartscreen(...).exe

I was editing the Install/Uninstall instructions several times, but if something is unclear or missing, then let me know, please. I'm not a native English speaker.

 

[_CyberGhosT_]

You are right. The 'Run By Smartscreen' option in Explorer context menu (manged by the Registry key HKEY_CLASSES_ROOT*\shell\Run By SmartScreen) is like a shortcut to RunBySmartscreen(...).exe

I was editing the Install/Uninstall instructions several times, but if something is unclear or missing, then let me know, please. I'm not a native English speaker.

I would just add a foot note in the .txt that you can delete the folder after install
It would eliminate a lot of confusion and uncertainty.

 

[Ink]

Run By Smartscreen' works only with Windows 8 and higher versions.

What makes this tool not compatible with Windows 7 or prior?

 

[Andy Ful]

Windows 7 and prior versions have not support for Windows Smartscreen App Reputation on Run.

 

[Andy Ful]

New version of RunBySmartscreen has been released (1.0.3).

From version 1.0.3 the program is prepared to help inexperienced users to open all new files. If the user tries to open the file with "Run By SmartScreen" the program works as enumerated below:

1. Files located in the System Space (= inside C:\Windows, C:\Program Files, C:\Program Files (x86)) are opened
normally, without SmartScreen check.
2. Files located in the User Space (= outside C:\Windows, C:\Program Files, C:\Program Files (x86) ) with
somewhat dangerous extensions (not supported by SmartScreen), are not allowed to open, and the program
shows an alert (similar to Software Restriction Policies).
3. The executables located in the User Space are checked by SmartScreen before the run.
4. Other files (media, photos, documents, etc.) are opened normally, without SmartScreen check.

The program has hard-coded list of dangerous extensions (not supported by SmartScreen App Reputation on run):
WSH, WSF, WSC, WS, VBS, VB, URL, SHS, SCT, REG, PS1, PIF, PCD, MST, MSP, MSC, MDE, MDB, JS, JAR, ISP, INS, INF, HTA, HLP, CRT, CHM, BAS, ADP, ADE.

GitHub - AndyFul/Run-By-Smartscreen

 

[Av Gurus]

This new version just copy over old one?