Run by Smartscreen utility

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,670
Hi Andy.

Against what data base, is RunBySmartscreen checking the files?
An unidentified "dynamic list of reported phishing sites and malicious software sites." It doesn't rely solely on lists but also analyzes for suspicious behavior and checks reputation against a list of commonly downloaded software.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Hi Andy.

Against what data base, is RunBySmartscreen checking the files?

Did you read the OP?
https://malwaretips.com/threads/run-by-smartscreen-utility.65145/post-561234

Should I add something to make it more understandable?

Technically, RunBySmartscreen does not check files against any database. It only makes SmartScreen for Explorer (Windows built-in) more thorough, so that SmartScreen can also check files not originating from the Internet. Additionally, it shows an alert that the file type can include active content (script, scriplet, document, etc.).
 
Last edited:

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
480
Quite the contrary, it explicitly mentions that the check is done via SmartScreen.

Well, i mentioned VirusTotal because that is where i am basing my mental picture about a data base. And as you know it is a lot of antivirus programs that is checking a file. So, again, what is checking this? When you answered - Smartscreen, you know what that is, but i do not. But i uppose it is Ms data base that it has for Ms Defender, or?
 
  • Like
  • +Reputation
Reactions: kylprq and Andy Ful

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
480
Well, i mentioned VirusTotal because that is where i am basing my mental picture about a data base. And as you know it is a lot of antivirus programs that is checking a file. So, again, what is checking this? When you answered - Smartscreen, you know what that is, but i do not. But i uppose it is Ms data base that it has for Ms Defender, or?

I suppose the "Thumbs up" menas that it is Ms Defenders data base.

Then, why has not Ms implemented that feature that RBS has into its protection do you think?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Well, i mentioned VirusTotal because that is where i am basing my mental picture about a data base. And as you know it is a lot of antivirus programs that is checking a file. So, again, what is checking this? When you answered - Smartscreen, you know what that is, but i do not. But i uppose it is Ms data base that it has for Ms Defender, or?

SmartScreen is a well-known Microsoft’s cloud-based reputation service. It is used in Edge and it is integrated with Explorer (in Windows 8+).
You can easily find the details via Google. (y)
https://www.certauri.com/how-to-gain-smart-screen-reputation-and-avoid-smart-screen-filter-warnings/
https://signmycode.com/blog/what-is-windows-defender-smartscreen
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Then, why has not Ms implemented that feature that RBS has into its protection do you think?

Microsoft implemented SmartScreen in Edge and integrated with Explorer (only for files originating from the Internet). RunBySmartscreen extends SmartScreen check for files not originating from the Internet and shows some info about files with active content.
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
480
Microsoft implemented SmartScreen in Edge and integrated with Explorer (only for files originating from the Internet). RunBySmartscreen extends SmartScreen check for files not originating from the Internet and shows some info about files with active content.

This is not really an answer.
What i am trying to see is, what the point is to use RBS when Ms Defender takes care of the file in step 2, when opening, anyway.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
This is not really an answer.
What i am trying to see is, what the point is to use RBS when Ms Defender takes care of the file in step 2, when opening, anyway.

MS Defender (free) and many AVs, normally do not use the reputation checks. You are probably misguided by the naming. Microsoft Defender SmartScreen is not a part of Microsoft Defender antivirus. Just like Edge (with SmartScreen) is not a part of Microsoft Defender antivirus.
SmartScreen for Explorer and Edge (with SmartScreen) work even if you use another AV.
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
480
MS Defender (free) and many AVs, normally do not use the reputation checks. You are probably misguided by the naming. Microsoft Defender SmartScreen is not a part of Microsoft Defender antivirus. Just like Edge (with SmartScreen) is not a part of Microsoft Defender antivirus.
SmartScreen for Explorer and Edge (with SmartScreen) work even if you use another AV.

Ok. But it uses Ms Defenders database to tell good from bad?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Ok. But it uses Ms Defenders database to tell good from bad?

The database includes the telemetry from the Windows system, not only from the Microsoft Defender application. But in the end, Microsoft Defender machine learning, Microsoft Defender ASR rules, and others can access that database. So one can call that database (not precisely) MS Defender's database.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,670
SmartScreen is a well-known Microsoft’s cloud-based reputation service. It is used in Edge and it is integrated with Explorer (in Windows 8+).
You can easily find the details via Google. (y)
https://www.certauri.com/how-to-gain-smart-screen-reputation-and-avoid-smart-screen-filter-warnings/
https://signmycode.com/blog/what-is-windows-defender-smartscreen
Yes. I was mistakenly responding to a the subject of SS generally, and not RBS.
MS Defender (free) and many AVs, normally do not use the reputation checks. You are probably misguided by the naming. Microsoft Defender SmartScreen is not a part of Microsoft Defender antivirus. Just like Edge (with SmartScreen) is not a part of Microsoft Defender antivirus.
Indeed, I think many people confuse these two. I see members on other forums make this mistake and/or misunderstand the SS feature on Windows. Especially those who disable it.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
Indeed, I think many people confuse these two. I see members on other forums make this mistake and/or misunderstand the SS feature on Windows. Especially those who disable it.

It is strange, but many people on security-related forums have a very rudimentary knowledge of Windows-built-in security features that are activated by default.
Even a few years after I created ConfigureDefender, many posters insisted that Defender on Windows Home did not have behavior-blocking capabilities, post-launch detection, ASR rules, etc. Still, many people do not know what is the 'Mark of the Web' and how it is related to Windows security.
Anyway, after many discussions, it seems that the level of knowledge about Windows-built-in security is higher, especially on the MT forum. :)
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,356
It is strange, but many people on security-related forums have a very rudimentary knowledge of Windows-built-in security features that are activated by default.
Even a few years after I created ConfigureDefender, many posters insisted that Defender on Windows Home did not have behavior-blocking capabilities, post-launch detection, ASR rules, etc. Still, many people do not know what is the 'Mark of the Web' and how it is related to Windows security.
Anyway, after many discussions, it seems that the level of knowledge about Windows-built-in security is higher, especially on the MT forum. :)
And thanks to you...
 
F

ForgottenSeer 107474

But to be honest, Microsoft does not make it easy to understand.

SAC, WDAC-ISG, SmartScreen, Microsoft Defender cloud level zero tolerance, ASR "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" and "Block at first sight" option have related and overlapping protections because they share the Microsoft back end data bases., reputation services. Because all of the telemetry data collected by Microsoft from so many end points, they have a competitive big data collection advantage over all other (third-party) security.

As @Gandalf_The_Grey posted thanks to Andy Full most of these advanced build-in features are accessible and usable for home users with less security knowledge (y)
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
480
The database includes the telemetry from the Windows system, not only from the Microsoft Defender application. But in the end, Microsoft Defender machine learning, Microsoft Defender ASR rules, and others can access that database. So one can call that database (not precisely) MS Defender's database.

Thank you for the clarification, now i know.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
But to be honest, Microsoft does not make it easy to understand.

Yes, that is true. In fact, we have one big "Microsoft Endpoint Protection" implemented in Windows. It contains: Defender Antivirus (with ASR rules, Network Protection, Controlled folder access, etc.), Edge, SmartScreen, WDAC, etc. Any other AV vendor would announce all of them as parts of one product. Microsoft decided to split that product into different security layers (probably due to antimonopoly law), that can work almost independently from the viewpoint of the user. Of course, those security layers are integrated in the Microsoft cloud.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top