Run by Smartscreen utility

blueblackwow65 said:
Hi does smartscreen need to be at default or even on to use this application/Thks
Click to expand...

Have you disabled Smartscreen in Windows? If you haven't, RBS will force Smartscreen check on files which otherwise would be ignored. It adds Mark of the Web which you may read about here: AndyFul/Run-By-Smartscreen
 
  • Like
Reactions: Nevi, Mercenary, simmerskool and 4 others
blueblackwow65 said:
Hi does smartscreen need to be at default or even on to use this application/Thks
Click to expand...
When you are installing RunBySmartScreen (the newest version) it automatically turns ON the SmartScreen.
If you will turn OFF the SmartScreen after installation, then you will get the alert:

214716
 
Last edited:
  • Like
  • Applause
  • Thanks
Reactions: Mercenary, simmerskool, harlan4096 and 2 others
  • Like
Reactions: Nevi, Mercenary, harlan4096 and 2 others
blueblackwow65 said:
Yes it is latest version and yes i had to turn on manually smartscreen because RBS did not do it automatically
Click to expand...
It is interesting. Did you try to reinstall RunBySmartScreen with the new version?

Could you please turn OFF SmartScreen and try to:
  1. execute any application via RunBySmartScreen (it should fail).
  2. reinstall the new version of RunBySmartScreen and repeat point 1 (should be successful).
 
Last edited:
  • Like
Reactions: harlan4096, Gandalf_The_Grey and oldschool
Hi ok turned off smartscreen not getting any popup teling me anything.Ok no warning smartscreen is off

Ok sorry for confusion seems i don't have smartscreen installed or enabled .On enterprise version anyone know how ? sorry again thks
 
  • Like
Reactions: Andy Ful and oldschool
blueblackwow65 said:
Hi ok turned off smartscreen not getting any popup teling me anything.Ok no warning smartscreen is off

Ok sorry for confusion seems i don't have smartscreen installed or enabled .On enterprise version anyone know how ? sorry again thks
Click to expand...
Thanks for testing.(y)
 
  • Like
Reactions: Mercenary and stefanos
Evjl's Rain said:
a painful fact but true: since I started using Bandizip to replace winrar or 7zip, I've never had to use Runbysmartscreen anymore
It became redundant because almost everything has "mark of the web", only except files coming from flash drives
Click to expand...
Windows SmartScreen can check only: BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, PIF, SCR and VBE files. So if the user opens only these file types + archives via Bandzip (all downloaded by her/him via a web browser to hard disk), then RunBySmartScreen is not useful. RunBySmartScreen can be also skipped by cautious users, who download & open only safe filetypes like media, photos, etc.. But, most users do not know for sure what they open and many even do not bother to check what is the file extension.
Unfortunately, the malc0ders used to abuse over 250 file types. The most common are files related to MS Office (documents, templates, etc.), several kinds of shortcuts, and scripts (ignored by SmartScreen). Most of them are blocked by SRP, Outlook Web Access, Gmail, and Adobe Acrobat Reader file extension blacklists. I gathered all those potentially dangerous file types and included them in RunBySmartScreen.
 
Last edited:
  • Like
  • Thanks
Reactions: Mercenary, Deletedmessiah, Rebsat and 7 others
Run By SmartScreen binaries has been replaced by digitally signed today (Certum Code Signing certificate). This certificate has gained a sufficient reputation to be accepted by SmartScreen.
The file version is the same (no functional changes). (y)
https://github.com/AndyFul/Run-By-Smartscreen
 
  • Like
  • Thanks
  • +Reputation
Reactions: Nevi, Mercenary, simmerskool and 9 others
RunBySmartScreen ver. 3.1.0.1

github.com

AndyFul/Run-By-Smartscreen

Contribute to AndyFul/Run-By-Smartscreen development by creating an account on GitHub.
github.com github.com

Version 3.1.0.1
1. Added prevention for SmartScreen DLL hijacking.
2. Both 64-bit and 32-bit executables are wrapped in one NSISS executable.

(y)
 
  • Like
  • +Reputation
Reactions: Mercenary, silversurfer, Protomartyr and 6 others
How SmartScreen can be bypassed by DLL hijacking? You can download a ZIP archive and unpack it by Windows built-in unpacker. The MOTW will be transferred to the EXE file. So it will be checked by SmartScreen on execution. But what if the EXE file is totally innocent and only loads and executes the DLL which was also unpacked together with EXE? SmartScreen does not check the DLLs loaded by EXEs, so the 0-day DLL will be executed.:(

Edit.
Of course, the EXE has to be signed with a stolen certificate with a good reputation, and normally (with real-time AV protection) it would be simpler to use the malicious EXE (no DLL aside). This method could be useful only if someone wanted to hide the source of the infection (it is harder to find out it for malicious DLL). Such attacks may happen in businesses, and are not so dangerous for home users.
The DLL hijacking can be also successful when one uses the security which does not check DLLs, but nowadays such attacks are very rare. For example, it can bypass Avast Hardened mode (Aggressive) and CyberCapture.
 
Last edited:
  • Like
  • +Reputation
  • Wow
Reactions: Mercenary, silversurfer, Protomartyr and 6 others
Andy Ful said:
RunBySmartScreen ver. 3.1.0.1

github.com

AndyFul/Run-By-Smartscreen

Contribute to AndyFul/Run-By-Smartscreen development by creating an account on GitHub.
github.com github.com

Version 3.1.0.1
1. Added prevention for SmartScreen DLL hijacking.
2. Both 64-bit and 32-bit executables are wrapped in one NSISS executable.

(y)
Click to expand...
Is this the same version as included in H_C 5.1.1.1?
 
  • Like
Reactions: Nevi, Mercenary, silversurfer and 4 others
  • Like
  • Thanks
Reactions: Nevi, Mercenary, simmerskool and 5 others
  • Like
  • Applause
  • Thanks
Reactions: Nevi, Mercenary, tipo and 7 others

You may also like...