Q&A What is Smartscreen? (Win8/10)

Do you use it ?

  • Yes

    Votes: 49 86.0%
  • No because...

    Votes: 8 14.0%

  • Total voters
    57

HarborFront

Level 41
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,065
#41
If the file has got EV digital certificate, the SmartScreen assumes that the file is safe. But, I do not know if it means not connecting to Reputation Cloud. I do not have got such files.
You try that foobar 2000 and see with internet disconnected.
 

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#42
What's the point of a message if it does not tell the user whether the application is malicious or not?
What is the point of using the stationary telephone, if sometimes there is no power?
 

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#43
You try that foobar 2000 and see with internet disconnected.
I am afraid that Foobar has not got EV certificate. This is a very special (high quality) kind od digital signing.
 

jamescv7

Level 61
Verified
Joined
Mar 15, 2011
Messages
12,638
OS
Windows 10
Antivirus
Microsoft
#44
So far I have not seen it in action since I'm not using IE and Edge
Typically the Smartscreen scans for digital signature alongside of reputation result when online, so if no alerts occurred then it passed on the criteria hence ready for execution.

Possible it checks also from current digital publishers if exist in the system.

@Umbra Does that mean Windows SmartScreen is 100% cloud-based?

View attachment 135741
Yes by context, the concept of IE/Edge browser is same on Windows OS feature. I've encountered Smartscreen yesterday on my classmate's laptop.

Although it may scan possible from current certificates in the system.

I got no alert from Smartscreen in my Windows 10 Pro for the last 2 demo tests with internet disconnected like what @Umbra said
Basically the Smartscreen already downloaded some temporary cache to checked for results of a file.

A pop-up like 'cannot checked right now' is because of digital signature that may not present in the system.
 

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#46
What is the definition of 100% cloud-based?
I do not think that such definition exists. But, for our discussion, it could mean that SmartScreen cannot check the file without Internet connection with Reputation Cloud.
 

reboot

Level 3
Verified
Joined
Jan 27, 2017
Messages
143
OS
Windows 10
Antivirus
Default-Deny
#48
I do not think that such definition exists. But, for our discussion, it could mean that SmartScreen cannot check the file without Internet connection with Reputation Cloud.
Thanks Andy. I think that is a workable definition for the sake of this thread. :) I must be getting old because some questions just fry my brain. Like trying to answer the question... When does smell become taste?
 
Likes: Andy Ful

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#50
You can bypass Windows inbuilt filters for using unsigned/blocked apps by opening cmd with admin rights and typing " to start then file location and name and finish by typing " at the end and you will be able to use/install blocked program. Sometimes when Windows blocks unsigned/blocked apps I know are clean I have to use this method to unlock the file.
I would like to test it. Could you give some examples, please.
 
Likes: reboot

reboot

Level 3
Verified
Joined
Jan 27, 2017
Messages
143
OS
Windows 10
Antivirus
Default-Deny
#51
If one excludes folders and files in Windows Defender what impact if any does that have on SmartScreen?
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,425
OS
Windows 10
Antivirus
Default-Deny
#52
If one excludes folders and files in Windows Defender what impact if any does that have on SmartScreen?
good question , i never tried, maybe you can do , and tell us :D
 
Likes: reboot

shmu26

Level 67
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,653
OS
Windows 10
#53
Let's say I downloaded a file with google chrome or an email client, and then I execute it. What file types will trigger smartscreen blocking? Will it block downloaded scripts?

And what happens if I download a zip file with a torrent client?
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,425
OS
Windows 10
Antivirus
Default-Deny
#55
Let's say I downloaded a file with google chrome or an email client, and then I execute it. What file types will trigger smartscreen blocking? Will it block downloaded scripts?

And what happens if I download a zip file with a torrent client?
as i said above , you will know by testing it and tell us your result :D
 
Likes: Andy Ful

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#56
If one excludes folders and files in Windows Defender what impact if any does that have on SmartScreen?
No impact on SmartScreen, I think. SmartScreen App Reputation on Run works even with disabled WD. But, the excluded files should open quicker.
 

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#57
Let's say I downloaded a file with google chrome or an email client, and then I execute it. What file types will trigger smartscreen blocking? Will it block downloaded scripts?

And what happens if I download a zip file with a torrent client?
@shmu26
I am afraid you missed my post #32 in this thread. Please read it first. I am sure it will help a lot. If you will have some concern, I'm here for you.:)
 
Likes: Umbra

shmu26

Level 67
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,653
OS
Windows 10
#59
@shmu26
I am afraid you missed my post #32 in this thread. Please read it first. I am sure it will help a lot. If you will have some concern, I'm here for you.:)
thanks!
so smartscreen won't work with a torrented file, and even if downloaded by browser, it might or might not work, after a zipped file is unzipped.

and what about a regular, unzipped script file, that is downloaded by a non-microsoft browser?
I don't think you covered that point. Maybe I missed it?
 

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,967
OS
Windows 10
Antivirus
Microsoft
#60
thanks!
so smartscreen won't work with a torrented file, and even if downloaded by browser, it might or might not work, after a zipped file is unzipped.

and what about a regular, unzipped script file, that is downloaded by a non-microsoft browser?
I don't think you covered that point. Maybe I missed it?
It does not matter what popular browser is used to download ZIP file. It always gets :
[ZoneTransfer]
ZoneId=3

The problem arises, when the file is uzipped. Windows builtin unzip function, can transfer

[ZoneTransfer]
ZoneId=3

to unzipped files.
 
Likes: shmu26