Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
What is Smartscreen? (Win8/10)
Message
<blockquote data-quote="Andy Ful" data-source="post: 594164" data-attributes="member: 32260"><p>It seems that in the new Windows 10 version, SmartScreen works in a simpler way.</p><p></p><p>When you download files using the popular Internet Browser, the Alternate Stream named: Zone.Identifier, is attached to the file:</p><p>[ZoneTransfer]</p><p>ZoneId=3</p><p></p><p>If the file is an executable: BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, SCR and VBE, then in IE or Edge you can see SmartScreen alert for files that are not recognized as safe - if it is ignored, the file is downloaded. If the file is recognized as malicious, then the download is blocked.</p><p>I tried this in Google Chrome, and SmartScreen alert did not show up there. So, it seems that SmartScreen in the Browser, checks files and urls only in IE and Edge.</p><p></p><p>Alternate Stream can be attached to file only on NTFS drives. If you copy the file to the non NTFS source (FAT pendrive, FAT USB Disk, DVD, Memory Card, etc.) the Alternate Stream is lost.</p><p>If you download a file by program downloader or torrent, then usually the Alternate Stream is not attached to the file.</p><p>If you download files in ZIP or another (compression format), the ZIP file has got Alternate Stream attached, but not the files in the ZIP archive. If you decompress the file by Explorer context menu option (Windows inbuilt), it can add to decompressed files the Alternate Stream transferred from the downloaded ZIP file. If you decompress archive (ZIP, ARJ, 7Z, etc.) by another method, usually Alternate Stream is skipped, but it depends on the program.</p><p>Files without Alternate Stream (Zone.Identifier) will be ignored by SmartScreen on the run.</p><p></p><p>If you run any file, then SmartScreen cheks Zone.Identifier and if it has: ZoneId=3 then the file is checked in the SmartScreen Reputation Cloud. If the file is recognized as safe, then ZoneId=3 is changed to AppZoneId=4 in Zone.Identifier (no SmartScreen alert). If it is not recognized as safe, then SmartScreen alert is showing up.</p><p></p><p>see also:</p><p>SmartScreen Demo Pages: <a href="http://demo.smartscreen.msft.net/" target="_blank">SmartScreen Demo</a></p><p><a href="https://malwaretips.com/threads/windows-8-smartscreen.28944/#post-216022" target="_blank">Windows 8 Smartscreen</a></p><p><a href="https://malwaretips.com/threads/run-by-smartscreen-utility.65145/" target="_blank">Run by Smartscreen utility</a></p></blockquote><p></p>
[QUOTE="Andy Ful, post: 594164, member: 32260"] It seems that in the new Windows 10 version, SmartScreen works in a simpler way. When you download files using the popular Internet Browser, the Alternate Stream named: Zone.Identifier, is attached to the file: [ZoneTransfer] ZoneId=3 If the file is an executable: BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, SCR and VBE, then in IE or Edge you can see SmartScreen alert for files that are not recognized as safe - if it is ignored, the file is downloaded. If the file is recognized as malicious, then the download is blocked. I tried this in Google Chrome, and SmartScreen alert did not show up there. So, it seems that SmartScreen in the Browser, checks files and urls only in IE and Edge. Alternate Stream can be attached to file only on NTFS drives. If you copy the file to the non NTFS source (FAT pendrive, FAT USB Disk, DVD, Memory Card, etc.) the Alternate Stream is lost. If you download a file by program downloader or torrent, then usually the Alternate Stream is not attached to the file. If you download files in ZIP or another (compression format), the ZIP file has got Alternate Stream attached, but not the files in the ZIP archive. If you decompress the file by Explorer context menu option (Windows inbuilt), it can add to decompressed files the Alternate Stream transferred from the downloaded ZIP file. If you decompress archive (ZIP, ARJ, 7Z, etc.) by another method, usually Alternate Stream is skipped, but it depends on the program. Files without Alternate Stream (Zone.Identifier) will be ignored by SmartScreen on the run. If you run any file, then SmartScreen cheks Zone.Identifier and if it has: ZoneId=3 then the file is checked in the SmartScreen Reputation Cloud. If the file is recognized as safe, then ZoneId=3 is changed to AppZoneId=4 in Zone.Identifier (no SmartScreen alert). If it is not recognized as safe, then SmartScreen alert is showing up. see also: SmartScreen Demo Pages: [URL="http://demo.smartscreen.msft.net/"]SmartScreen Demo[/URL] [URL='https://malwaretips.com/threads/windows-8-smartscreen.28944/#post-216022']Windows 8 Smartscreen[/URL] [URL='https://malwaretips.com/threads/run-by-smartscreen-utility.65145/']Run by Smartscreen utility[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
