Serious Discussion What is Smartscreen? (Win8/10)

  • Thread starter Deleted member 178
  • Start date

Do you use it ?

  • Yes

    Votes: 58 87.9%
  • No because...

    Votes: 8 12.1%

  • Total voters
    66

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
It does not matter what popular browser is used to download ZIP file. It always gets :
[ZoneTransfer]
ZoneId=3

The problem arises, when the file is uzipped. Windows builtin unzip function, can transfer

[ZoneTransfer]
ZoneId=3

to unzipped files.
got it, so let's put zip files on the side.

My second question is really more like this: let's say I download what I think is a plain old pdf file.
In truth, it is javascript.
I am stupid, and I click on it.
Does smartscreen save my skin?
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
got it, so let's put zip files on the side.

My second question is really more like this: let's say I download what I think is a plain old pdf file.
In truth, it is javascript.
I am stupid, and I click on it.
Does smartscreen save my skin?
Edit.
Read my next post first, please.

1. Not directly. It does not stop the PDF file to be opened. In Windows 10, the Edge Browser will be opened, too. The script can run or sometimes cannot run in Edge. If the script can run in Edge, then SmartScreen can block the phishing page or malicious download.
2. If Edge Browser is not set to open PDF files, then the file will be opened by default PDF viewer. If one uses Microsoft Reader (AppContainer) with disabled JavaScript option then nothing happens. If JavaScript option is enabled, then the script is locked in Appcontainer or you will be redirected to malware webpage (see ponit 1).
3. There are many possibilities.
 
Last edited:
  • Like
Reactions: shmu26

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
got it, so let's put zip files on the side.

My second question is really more like this: let's say I download what I think is a plain old pdf file.
In truth, it is javascript.
I am stupid, and I click on it.
Does smartscreen save my skin?

If it is double extension file malware.pdf.JS, then the script will be run, and SmartScreen can only help when the Edge or IE will be opened.
 
  • Like
Reactions: shmu26

reboot

Level 3
Verified
Well-known
Jan 27, 2017
139
No impact on SmartScreen, I think. SmartScreen App Reputation on Run works even with disabled WD. But, the excluded files should open quicker.

Okay so that short circuits some thoughts and ideas I was having around why…

1. one should really test native security as a 'whole' rather than just individual components like SmartScreen
2. excluding folders full of samples of malware and ransomware (so real time protection doesn't kick in) and then including the folders may actually skew the results.

I know that none of that probably makes sense in the context of my original question, but that's where my thoughts were headed.

Anyway I am a bit intimidated to ask further questions in case Umbra slaps me for being lazy and not testing things for myself. LOL

On a serious note thank you to for providing such detailed explanations. I have read your post several times and each time it feels like I pick up another gem. :)
 
  • Like
Reactions: shmu26 and Andy Ful
D

Deleted member 178

Thread author
Okay so that short circuits some thoughts and ideas I was having around why…
1. one should really test native security as a 'whole' rather than just individual components like SmartScreen

Finally ! someone that use its brain ! i keep saying that since ages on various forums , even tests labs/youtesters, and some so called "security experts'" don't get it.

Anyway I am a bit intimidated to ask further questions in case Umbra slaps me for being lazy and not testing things for myself. LOL

Don't be shy , ask , anyway slaps makes your skin pinker and firmer with time :D
 

Rolo

Level 18
Verified
Jun 14, 2015
857
no it is system wide and work with all browser, just did the test by downloading foobar 2000 with Chrome, cut internet , and executed the exe; it is flagged.

This is a bit inaccurate and creates confusion. SS works at the file system level and additionally works with IE & Edge; it does not work with all browsers.

IE/Edge will give notification upon download; with any other browser, SS won't kick in until the file is opened.
 
D

Deleted member 178

Thread author
@Rolo exactly what i said lol

That is the meaning of system-wide, means work with all downloaded files. I didn't point detection at download but at execution, which is what is important , block when executed. Of course , using IE/Edge his better but few use them.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top