Serious Discussion What is Smartscreen? (Win8/10)

  • Thread starter Deleted member 178
  • Start date

Do you use it ?

  • Yes

    Votes: 58 87.9%
  • No because...

    Votes: 8 12.1%

  • Total voters
    66

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,121
If the file has got EV digital certificate, the SmartScreen assumes that the file is safe. But, I do not know if it means not connecting to Reputation Cloud. I do not have got such files.
You try that foobar 2000 and see with internet disconnected.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
What's the point of a message if it does not tell the user whether the application is malicious or not?
What is the point of using the stationary telephone, if sometimes there is no power?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
You try that foobar 2000 and see with internet disconnected.
I am afraid that Foobar has not got EV certificate. This is a very special (high quality) kind od digital signing.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
So far I have not seen it in action since I'm not using IE and Edge

Typically the Smartscreen scans for digital signature alongside of reputation result when online, so if no alerts occurred then it passed on the criteria hence ready for execution.

Possible it checks also from current digital publishers if exist in the system.

@Umbra Does that mean Windows SmartScreen is 100% cloud-based?

View attachment 135741

Yes by context, the concept of IE/Edge browser is same on Windows OS feature. I've encountered Smartscreen yesterday on my classmate's laptop.

Although it may scan possible from current certificates in the system.

I got no alert from Smartscreen in my Windows 10 Pro for the last 2 demo tests with internet disconnected like what @Umbra said

Basically the Smartscreen already downloaded some temporary cache to checked for results of a file.

A pop-up like 'cannot checked right now' is because of digital signature that may not present in the system.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
What is the definition of 100% cloud-based?
I do not think that such definition exists. But, for our discussion, it could mean that SmartScreen cannot check the file without Internet connection with Reputation Cloud.
 

reboot

Level 3
Verified
Well-known
Jan 27, 2017
139
I do not think that such definition exists. But, for our discussion, it could mean that SmartScreen cannot check the file without Internet connection with Reputation Cloud.

Thanks Andy. I think that is a workable definition for the sake of this thread. :) I must be getting old because some questions just fry my brain. Like trying to answer the question... When does smell become taste?
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
You can bypass Windows inbuilt filters for using unsigned/blocked apps by opening cmd with admin rights and typing " to start then file location and name and finish by typing " at the end and you will be able to use/install blocked program. Sometimes when Windows blocks unsigned/blocked apps I know are clean I have to use this method to unlock the file.
I would like to test it. Could you give some examples, please.
 
  • Like
Reactions: reboot

reboot

Level 3
Verified
Well-known
Jan 27, 2017
139
If one excludes folders and files in Windows Defender what impact if any does that have on SmartScreen?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Let's say I downloaded a file with google chrome or an email client, and then I execute it. What file types will trigger smartscreen blocking? Will it block downloaded scripts?

And what happens if I download a zip file with a torrent client?
 
D

Deleted member 178

Thread author
Let's say I downloaded a file with google chrome or an email client, and then I execute it. What file types will trigger smartscreen blocking? Will it block downloaded scripts?

And what happens if I download a zip file with a torrent client?

as i said above , you will know by testing it and tell us your result :D
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
If one excludes folders and files in Windows Defender what impact if any does that have on SmartScreen?
No impact on SmartScreen, I think. SmartScreen App Reputation on Run works even with disabled WD. But, the excluded files should open quicker.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
Let's say I downloaded a file with google chrome or an email client, and then I execute it. What file types will trigger smartscreen blocking? Will it block downloaded scripts?

And what happens if I download a zip file with a torrent client?
@shmu26
I am afraid you missed my post #32 in this thread. Please read it first. I am sure it will help a lot. If you will have some concern, I'm here for you.:)
 
  • Like
Reactions: Deleted member 178

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@shmu26
I am afraid you missed my post #32 in this thread. Please read it first. I am sure it will help a lot. If you will have some concern, I'm here for you.:)
thanks!
so smartscreen won't work with a torrented file, and even if downloaded by browser, it might or might not work, after a zipped file is unzipped.

and what about a regular, unzipped script file, that is downloaded by a non-microsoft browser?
I don't think you covered that point. Maybe I missed it?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,369
thanks!
so smartscreen won't work with a torrented file, and even if downloaded by browser, it might or might not work, after a zipped file is unzipped.

and what about a regular, unzipped script file, that is downloaded by a non-microsoft browser?
I don't think you covered that point. Maybe I missed it?

It does not matter what popular browser is used to download ZIP file. It always gets :
[ZoneTransfer]
ZoneId=3

The problem arises, when the file is uzipped. Windows builtin unzip function, can transfer

[ZoneTransfer]
ZoneId=3

to unzipped files.
 
  • Like
Reactions: shmu26

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top