Run by Smartscreen utility

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Hi does smartscreen need to be at default or even on to use this application/Thks
When you are installing RunBySmartScreen (the newest version) it automatically turns ON the SmartScreen.
If you will turn OFF the SmartScreen after installation, then you will get the alert:

214716
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Yes it is latest version and yes i had to turn on manually smartscreen because RBS did not do it automatically
It is interesting. Did you try to reinstall RunBySmartScreen with the new version?

Could you please turn OFF SmartScreen and try to:
  1. execute any application via RunBySmartScreen (it should fail).
  2. reinstall the new version of RunBySmartScreen and repeat point 1 (should be successful).
 
Last edited:

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,256
Hi ok turned off smartscreen not getting any popup teling me anything.Ok no warning smartscreen is off

Ok sorry for confusion seems i don't have smartscreen installed or enabled .On enterprise version anyone know how ? sorry again thks
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Hi ok turned off smartscreen not getting any popup teling me anything.Ok no warning smartscreen is off

Ok sorry for confusion seems i don't have smartscreen installed or enabled .On enterprise version anyone know how ? sorry again thks
Thanks for testing.(y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
a painful fact but true: since I started using Bandizip to replace winrar or 7zip, I've never had to use Runbysmartscreen anymore
It became redundant because almost everything has "mark of the web", only except files coming from flash drives
Windows SmartScreen can check only: BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, PIF, SCR and VBE files. So if the user opens only these file types + archives via Bandzip (all downloaded by her/him via a web browser to hard disk), then RunBySmartScreen is not useful. RunBySmartScreen can be also skipped by cautious users, who download & open only safe filetypes like media, photos, etc.. But, most users do not know for sure what they open and many even do not bother to check what is the file extension.
Unfortunately, the malc0ders used to abuse over 250 file types. The most common are files related to MS Office (documents, templates, etc.), several kinds of shortcuts, and scripts (ignored by SmartScreen). Most of them are blocked by SRP, Outlook Web Access, Gmail, and Adobe Acrobat Reader file extension blacklists. I gathered all those potentially dangerous file types and included them in RunBySmartScreen.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
RunBySmartScreen ver. 3.1.0.1


Version 3.1.0.1
1. Added prevention for SmartScreen DLL hijacking.
2. Both 64-bit and 32-bit executables are wrapped in one NSISS executable.

(y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
How SmartScreen can be bypassed by DLL hijacking? You can download a ZIP archive and unpack it by Windows built-in unpacker. The MOTW will be transferred to the EXE file. So it will be checked by SmartScreen on execution. But what if the EXE file is totally innocent and only loads and executes the DLL which was also unpacked together with EXE? SmartScreen does not check the DLLs loaded by EXEs, so the 0-day DLL will be executed.:(

Edit.
Of course, the EXE has to be signed with a stolen certificate with a good reputation, and normally (with real-time AV protection) it would be simpler to use the malicious EXE (no DLL aside). This method could be useful only if someone wanted to hide the source of the infection (it is harder to find out it for malicious DLL). Such attacks may happen in businesses, and are not so dangerous for home users.
The DLL hijacking can be also successful when one uses the security which does not check DLLs, but nowadays such attacks are very rare. For example, it can bypass Avast Hardened mode (Aggressive) and CyberCapture.
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
RunBySmartScreen ver. 3.1.0.1


Version 3.1.0.1
1. Added prevention for SmartScreen DLL hijacking.
2. Both 64-bit and 32-bit executables are wrapped in one NSISS executable.

(y)
Is this the same version as included in H_C 5.1.1.1?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top