Today I had an example how Windows Defender Heuristics work. I tested a new version of 'Run By Smartscreen' that threw in a short time several files to check. The great deal of them was not recognized as safe by SmartScreen filter. Among them were some not signed, legitimate system files copied from C:\Windows\System32 to C:\z\ folder (mshta.exe, hh.exe, mmc.exe, control.exe, wscript.exe). Suddenly I saw the Defender alert, that it found a malware (trojan). After that in quarantine landed RunBySmartscreen(x64).exe . In this way I created my first trojan, and successfully infected my own computer.
So now, I have to test 'Run By Smartscreen' with disabled Windows Defender to not make it nervous.
The standalone version of "Run By SmartScreen" is not integrated with H_C ver. 126.96.36.199. The previous "Run By SmartScreen" will be applied. The integrated version is in C:\Windows\Hard_Configurator folder.So I installed the new version, and when I opened H_C, it complained that run as smartscreen is not enabled. So I re-enabled it. Did that switch me back to the older version?
The standalone version of "Run By SmartScreen" is not integrated with H_C ver. 188.8.131.52. The previous "Run By SmartScreen" will be applied. The integrated version is in C:\Windows\Hard_Configurator folder.
If H_C is closed , then you can install and use the standalone version of "Run By SmartScreen".
The standalone executable is in C:\Windows folder. You cannot replace those executables, because some features of the new version will not work. If you open H_C then the standalone version is automatically wiped out from the Registry by the H_C setting.