Q&A What is Smartscreen? (Win8/10)

Do you use it ?

  • Yes

    Votes: 48 85.7%
  • No because...

    Votes: 8 14.3%

  • Total voters
    56

shmu26

#61
It does not matter which popular browser is used to download a ZIP file. It always gets:
[ZoneTransfer]
ZoneId=3

The problem arises when the file is unzipped. The Windows built-in unzip function can transfer

[ZoneTransfer]
ZoneId=3

to unzipped files.
got it, so let's put zip files on the side.

My second question is really more like this: let's say I download what I think is a plain old pdf file.
In truth, it is javascript.
I am stupid, and I click on it.
Does smartscreen save my skin?
 

Andy Ful

#62
got it, so let's put zip files on the side.

My second question is really more like this: let's say I download what I think is a plain old pdf file.
In truth, it is javascript.
I am stupid, and I click on it.
Does smartscreen save my skin?
Edit.
Read my next post first, please.

1. Not directly. It does not stop the PDF file from being opened. In Windows 10, the Edge Browser will be opened, too. The script can run or sometimes cannot run in Edge. If the script can run in Edge, then SmartScreen can block the phishing page or malicious download.
2. If Edge Browser is not set to open PDF files, then the file will be opened by the default PDF viewer. If one uses Microsoft Reader (AppContainer) with the JavaScript option disabled, then nothing happens. If the JavaScript option is enabled, then the script is locked in AppContainer or you will be redirected to a malware webpage (see point 1).
3. There are many possibilities.
 

Andy Ful

#63
got it, so let's put zip files on the side.

My second question is really more like this: let's say I download what I think is a plain old pdf file.
In truth, it is javascript.
I am stupid, and I click on it.
Does smartscreen save my skin?
If it is a double-extension file malware.pdf.JS, then the script will be run, and SmartScreen can only help when Edge or IE is opened.
 
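An added example, not part of any post in this thread: a Python sketch that parses the `[ZoneTransfer]` text quoted above and flags double-extension names such as malware.pdf.JS, so a downloads folder can be checked for files that lost the mark or hide a script extension. The function names, extension sets and sample data are assumptions made for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Illustrative extension sets (assumptions, not an exhaustive list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
INTERNET_ZONE = 3  # the ZoneId=3 value quoted in the thread

def read_motw(path):
    """Return the Zone.Identifier stream text of a file on NTFS, or None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:  # no stream on this file, or not an NTFS volume
        return None

def parse_zone_id(stream_text):
    """Extract ZoneId from [ZoneTransfer]; None when the mark is missing or malformed."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def is_disguised_script(name):
    """True for names like malware.pdf.JS: a document extension followed by a script one."""
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS and suffixes[-2] in DECOY_EXTS

def triage(name, stream_text):
    """Summarise one file: its zone, whether it carries the Internet mark, the name check."""
    zone = parse_zone_id(stream_text)
    return {"name": name, "zone": zone,
            "internet_mark": zone == INTERNET_ZONE,
            "disguised_script": is_disguised_script(name)}

# Constructed sample data: (file name, Zone.Identifier text, or None when the stream is absent).
SAMPLES = [
    ("archive.zip", "[ZoneTransfer]\nZoneId=3\n"),
    ("malware.pdf.JS", "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/a%20b\n"),
    ("malware.pdf.JS", None),
    ("report.pdf", None),
]

if __name__ == "__main__":
    for sample_name, sample_text in SAMPLES:
        print(triage(sample_name, sample_text))
```

On a Windows machine, `triage(name, read_motw(full_path))` runs the same check against real files.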

reboot

#66
No impact on SmartScreen, I think. SmartScreen App Reputation on Run works even with disabled WD. But, the excluded files should open quicker.
Okay so that short circuits some thoughts and ideas I was having around why…

1. one should really test native security as a 'whole' rather than just individual components like SmartScreen
2. excluding folders full of samples of malware and ransomware (so real time protection doesn't kick in) and then including the folders may actually skew the results.

I know that none of that probably makes sense in the context of my original question, but that's where my thoughts were headed.

Anyway I am a bit intimidated to ask further questions in case Umbra slaps me for being lazy and not testing things for myself. LOL

On a serious note thank you to for providing such detailed explanations. I have read your post several times and each time it feels like I pick up another gem. :)
 
#67
I leave SmartScreen switched on myself. It doesn't really do any harm. If you really need to run something, there is always the run anyway option.
 

Umbra

#69
Okay so that short circuits some thoughts and ideas I was having around why…
1. one should really test native security as a 'whole' rather than just individual components like SmartScreen
Finally! Someone who uses their brain! I have been saying that for ages on various forums; even test labs/youtesters and some so-called "security experts" don't get it.

Anyway I am a bit intimidated to ask further questions in case Umbra slaps me for being lazy and not testing things for myself. LOL
Don't be shy, ask; anyway, slaps make your skin pinker and firmer with time :D
 

Rolo

#70
No, it is system-wide and works with all browsers; just did the test by downloading foobar 2000 with Chrome, cut the internet, and executed the exe; it is flagged.
This is a bit inaccurate and creates confusion. SS works at the file system level and additionally works with IE & Edge; it does not work with all browsers.

IE/Edge will give notification upon download; with any other browser, SS won't kick in until the file is opened.
 

Umbra

#71
@Rolo exactly what I said lol

That is the meaning of system-wide: it means it works with all downloaded files. I didn't point to detection at download but at execution, which is what is important: block when executed. Of course, using IE/Edge is better, but few use them.
 