Fine-tuning the SmartScreen security filter lets you keep the benefits of the protection system while getting rid of annoying notifications. Below are the options for configuring or completely disabling SmartScreen.
Contents
- Options for configuring protection and disabling SmartScreen
- SmartScreen operating modes
- Problems with disabling SmartScreen
- How to disable the SmartScreen filter in the Windows 10 Store
- How to disable the SmartScreen filter through the Group Policy Editor
The SmartScreen filter is one of the features of the built-in Windows security system. This utility is designed to protect the computer from malware downloaded from the network. SmartScreen works by comparing a downloaded file that is being launched against a database of malicious programs. If the file is found in the virus database, the system automatically prevents it from running, protecting the computer from threats. SmartScreen works in the system's file explorer and in the built-in Internet Explorer browser.
Interesting fact: Internet Explorer served as the testing ground for the SmartScreen filter, and from there the utility was integrated into the Explorer of Windows 8 and 10.
At first glance, the SmartScreen filter is very useful: it "filters" malicious sites and prevents files listed in the virus database from running. On the other hand, this protection is very intrusive, because practically all information from the network is checked against the database, and even useful data can end up blocked.
Fortunately, files and sites that are not on the list are not blocked completely: the SmartScreen filter automatically displays a warning about a potentially dangerous resource, which the user can still open at their own risk. Nevertheless, many experienced users deliberately disable the protection or adjust it to their needs, to avoid spending time on confirmations and on adding individual files to the whitelist.
The methods for disabling and configuring SmartScreen described below are recommended only for experienced users who have third-party antivirus software installed that provides reliable protection.
Options for configuring protection and disabling SmartScreen
To open the SmartScreen settings menu:
Step 1. Open the "Control Panel" by right-clicking the "Start" button. The Control Panel can also be opened through search.
Step 2. In the Control Panel, in the "Category" view, select "System and Security".
Step 3. In the window that opens, select "Security and Maintenance".
Step 4. Click "Change SmartScreen settings" and select the required operating mode, or disable the filter completely.
SmartScreen operating modes
Approval request. The SmartScreen filter will ask the user to confirm opening the file.
Warning. SmartScreen will display notifications about suspicious files.
Disabling SmartScreen for Windows Explorer.
Problems with disabling SmartScreen
In some cases, after opening the SmartScreen settings menu, the user may find that the filter's operating mode options are inactive. To solve this problem, make changes in the Registry Editor.
This can be done as follows:
Step 1. Right-click the "Start" button and select "Run". In the window that opens, enter the command "regedit" to open the Registry Editor.
Step 2. In the registry, go to the path "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\Microsoft\Windows Defender" and create a new value in this key by right-clicking and selecting "DWORD (32-bit) Value".
Step 3. Rename the newly created value to "DisableAntiSpyware", double-click it with the left mouse button, enter one in the value field of the window that opens, and confirm with the "OK" button.
After the computer restarts, the Windows filter will be completely disabled. To activate SmartScreen again, enter zero instead of one in the last step and restart the PC.
How to disable the SmartScreen filter in the Windows 10 Store
After disabling the filter in the system's file explorer, you can disable SmartScreen in the Windows Store, which allows downloading various applications and utilities while bypassing the built-in protection system.
Step 1. Right-click the "Start" button and select "Settings".
Step 2. In the window that opens, go to the "Privacy" section (located in the lower part of the menu).
Step 3. Under "General", find the item "Turn on SmartScreen Filter to check web content…" and move the switch to the off position.
After completing the steps above, SmartScreen in the Windows Store will be disabled.
How to disable the SmartScreen filter through the Group Policy Editor
If you use the Enterprise or Professional edition of Windows 10, there is one more way to disable the SmartScreen filter: the Group Policy Editor, which allows manual configuration of applications.
Step 1. Open the "Group Policy Editor". To do this, right-click "Start", select "Run", and enter the command "gpedit.msc".
Step 2. In the left pane, go to the following path: "Computer Configuration", "Administrative Templates", "Windows Components", "File Explorer", and in the right pane find the item "Configure SmartScreen…".
Step 3. Double-click the item you found and, in the window that opens, set the option on the left to "Disabled".
Frequently asked questions
SmartScreen is one of the security features in Windows. It works by comparing software downloaded from the internet that you want to run against a database of malicious programs. This helps protect your system from viruses more effectively.
Unfortunately, SmartScreen sometimes treats some of the user's applications as viruses. Read on our site about how to deal with this.
Download and install RS Partition Recovery. It is designed for exactly such cases and can recover files lost through accidental deletion, disk formatting, damage to the logical structure of disks, and so on.
If the SmartScreen operating mode options are inactive, you will have to edit the Windows registry to disable it. The process of disabling SmartScreen through the registry is described in detail on our site.
Summary
- Microsoft Defender SmartScreen is enabled by default in Windows and provides reputation-based protection against malicious apps and websites. It can be disabled if it mistakenly blocks safe files.
- SmartScreen is also a part of Microsoft Edge’s security settings and can be turned off or on from the browser’s settings menu. It helps protect against phishing sites and blocks potentially unwanted apps.
- SmartScreen can be turned off or on using various methods, including the Windows Security settings, Microsoft Edge settings, Internet Properties dialog, Registry Editor, and Group Policy Editor. It is recommended to enable SmartScreen for added PC security.
Microsoft Defender SmartScreen is part of the Windows Security solution. It helps you protect against common threats by warning against downloading or installing potentially malicious files from other computers.
SmartScreen is enabled by default in Windows. However, sometimes, you may want to disable the feature if it identifies and blocks genuine apps and files as malicious. Fortunately, you can disable SmartScreen easily. Here, we show you how to disable the SmartScreen filter in Windows.
How Does Windows SmartScreen Filter Work?
SmartScreen relies on reputation-based protection to protect your device from malicious or potentially unwanted apps and websites.
When enabled, SmartScreen screens your downloads against known suspicious sites and developers. When a match is found, it blocks the download or site access and warns the user about the action taken.
You can configure it to block apps and files by checking unrecognized apps and files from the web. It can also protect you from Microsoft Store and third-party sourced apps that are low on reputation and known to cause unexpected behavior.
SmartScreen is also part of Microsoft Edge’s security settings. When enabled, it helps protect your computer against malicious and phishing sites and block downloads.
SmartScreen is enabled by default on all systems running Windows. However, some experienced users may find the feature annoying, as it can block safe apps and require additional steps to run the setup.
While we recommend you always turn the SmartScreen filter on, you can disable it easily from the Windows Security settings. Here’s how to do it.
1. How to Turn Off SmartScreen Using Windows’ Security Settings
The easiest way to turn off SmartScreen is via the Windows Settings panel. You can configure all the aspects of your system security from the Windows Security panel. Here’s how to do it.
- Press Win + I to open Settings.
- Open the Privacy and Security tab in the left pane.
- Click on Windows Security.
- Next, click on Open Windows Security.
- Open the App & browser control tab in the left pane.
- Click on Reputation-based protection settings under Reputation-based protection.
- Here, you’ll find four different SmartScreen filters you can individually enable or disable. If you want to turn off the filter for files and executables, turn off Check apps and files and Potentially unwanted app blocking filters. The other two filters are for Microsoft Edge and Microsoft Store apps.
- If you want to turn off SmartScreen completely, disable all four filters.
When you have difficulty accessing the Windows Security window, refer to our troubleshooting guide to fix a blank Windows security screen.
If any of the SmartScreen filters are grayed out with the message "This setting is managed by your administrator," you must contact your administrator or try another method.
2. How to Disable SmartScreen for Microsoft Edge
Microsoft Edge has a built-in option to enable and disable Microsoft Defender SmartScreen. Here’s how to access it:
- Launch Microsoft Edge and click the three-dots menu icon in the top right corner.
- Click on Settings.
- Open the Privacy, search, and services tab in the left pane.
- Scroll down to the Security section.
- Toggle the switch for Microsoft Defender SmartScreen to turn it off. This will disable the Block potentially unwanted apps option as well.
- If you choose to enable SmartScreen again, you must manually enable the Block potentially unwanted apps feature.
Additionally, you can disable SmartScreen for Microsoft Edge using the Windows Security app and Registry Editor. Here’s how to do it.
Disable Microsoft Edge SmartScreen Using Windows Security
Microsoft Edge SmartScreen is for your browsing safety against phishing and malware sites and software you download. Unless an administrator manages it, you can turn it off.
- Press Win + R to open Run.
- Type windowsdefender:// and click OK to open the Windows Security app.
- Open the App & browser control tab in the left pane.
- Next, click the Reputation-based protection settings link under Reputation-based protection.
- Toggle the switch for SmartScreen for Microsoft Edge to turn off Microsoft Defender SmartScreen for the Edge browser.
Disable SmartScreen for Microsoft Edge Using Registry Editor
Editing the registry entry is an alternative (but more complicated) method to disable the SmartScreen for the Edge browser permanently.
- Press Win + R to open Run.
- Type regedit and click OK to open Registry Editor.
- Next, navigate to the following location:
  HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled
- In the right pane, right-click on the Default value and select Modify.
- Type 1 in the Value data field and click OK to save the changes.
- You may need to restart your computer to see the changes live.
3. How to Turn Off Windows Defender SmartScreen Using Internet Properties
You can turn on or off Windows Defender SmartScreen using the Internet Properties dialog in Windows 10. Also known as Internet Options, it lets you configure security and access settings, add-ons, Active-X controls, and more.
Follow these steps to turn off SmartScreen using Internet Options:
- Press Win + R to open Run.
- Type control and click OK to open the Control Panel.
- Click on Network and Internet.
- Next, click on Internet Options.
- In the Internet Properties window, open the Advanced tab.
- Scroll down to the Security section.
- Uncheck the Enable Windows Defender SmartScreen option.
- Click Apply and OK to save the changes.
On a newer version of Windows, including Windows 11, you may not find any option to enable or disable Windows Defender SmartScreen in Internet Properties.
4. How to Enable or Disable SmartScreen Using Registry Editor
You can also turn Windows Defender SmartScreen on or off using the Registry Editor. This is useful if you cannot access it from the Settings app or Internet Properties.
Note that incorrect modification to the registry entries can cause system malfunction. Therefore, create a restore point before proceeding with the steps below.
- Press Win + R to open Run.
- Type regedit and click OK to open the Registry Editor. Click Yes if prompted by UAC to grant administrative privilege.
- In the Registry Editor, navigate to the following location:
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
- In the right pane, locate the EnableSmartScreen filter value. You will need to create a new value if no value is found.
- To create a new value, right-click on the System key and select New > DWORD (32-bit) Value.
- Rename the value as EnableSmartScreen.
- Next, right-click on the EnableSmartScreen value and select Modify.
- Type 0 in the Value data field and click OK to save the changes.
- To enable the SmartScreen filter, type 1 in the Value data field and click OK.
- Close the Registry Editor and restart your PC to apply the changes.
You can further tweak the registry to create a new String Value to set the blocking level to Warn or Block. Using Warn will show a SmartScreen warning with an option to proceed. In contrast, the Block option will show a warning and block the app from running on your computer.
To set a new ShellSmartScreenLevel String Value in Registry Editor:
- Right-click on the System subkey and select New > String Value. Rename the value as ShellSmartScreenLevel.
- Next, right-click on ShellSmartScreenLevel and select Modify.
- Type Warn or Block depending on what you want the SmartScreen Level to do. Click OK to save the changes and exit Registry Editor.
5. How to Turn the SmartScreen Filter On or Off Using the Group Policy Editor
If you want to manage the SmartScreen filter for multiple computers at your organization, you can use the Group Policy Editor to do this task.
Note that Group Policy Editor is only available on Windows Pro, Edu, and Enterprise editions of the OS. If you are using Home, explore our guide to enable Group Policy Editor on the Windows Home edition.
To configure the SmartScreen filter using GPEdit:
- Press Win + R to open Run.
- Type gpedit.msc and click OK to open the Group Policy Editor.
- Next, navigate to the following location in Group Policy Editor:
  Computer Configuration > Administrative Templates > Windows Components > File Explorer.
- In the right pane, right-click on Configure Windows Defender SmartScreen policy and select Edit.
- To disable SmartScreen, select Disabled.
- If you want to enable SmartScreen, select Not Configured or Enabled.
- Click Apply and OK to save the changes.
- Close Group Policy Editor and restart your PC.
Manage the SmartScreen Filter in Windows
While you can easily disable the SmartScreen filter in Windows, it is an extremely useful security tool. It can protect you against malicious files and programs and screen and block suspicious sites. It’s an added layer of protection to Windows Defender and helps keep your PC safe. Make sure to enable the SmartScreen filter once the task is finished.
Procedures to configure Windows Defender SmartScreen settings for App & Browser Control on Windows 10. Microsoft has introduced the Windows Defender Security Center, which works as a hub for all the security tools. This security center takes effect with the Creators Update, so you can now customize the Windows Defender SmartScreen settings for apps and the browser from this hub.
App & Browser Control includes 3 filters: Check apps and files, SmartScreen for Microsoft Edge and Windows Store. Together, these three safeguard your Windows 10 PC from unwanted malware and potential threats. When you configure the Windows Defender SmartScreen settings, you change the settings of each of the 3 filters to match your preferences. This guide shows the method to configure these security settings.
How to Configure Windows Defender SmartScreen Settings for App & Browser Control in Windows 10
Step 1 – Press the key combination Win + I and either type or copy and paste %windir%\explorer.exe windowsdefender: in the available space. Press Enter.
You can find multiple procedures to Access Windows Defender Security Center on Windows 10.
Step 2 – Windows Defender Security Center appears on the screen of your device. Click the three horizontal lines icon at the top left of the security application. This reveals all the settings of the Windows Defender Security Center in the left pane.
Step 4 – Click on the fourth option, App & Browser Control, to configure Windows Defender SmartScreen Settings.
Check Apps and Files
Step 5 – The first section is Check apps and files that protects your device by checking any unrecognized apps and files.
This setting includes 3 options – Block, Warn and Off.
Block
This option obstructs any unrecognized apps and files from the web. If you select this option then you cannot download any unfamiliar apps and files.
Warn
With the second option, UAC prompts to warn you if you are using unrecognized applications and files. The choice of whether to download is then left to the user.
Off
If you choose this option, you will not receive any warning, whatever site you use while downloading apps and files.
You just need to toggle the button to register your preference.
Smart Screen for Microsoft Edge
Step 6 – The second section is Smart Screen for Microsoft Edge where you get protection from malicious sites and downloads. Even here you get the same three options as the previous one to protect your device while using Microsoft Edge.
Smart Screen for Windows Store Apps
Step 7 – The third portion is dedicated to Windows Store applications. It keeps a check on the web content that Windows Store applications use.
Here you get two options. The first one is Warn, where you get a warning if you use any harmful web content in the store. The second one is Off, which does not show any warning when damaging sites are used. We always suggest that you do not use this option, as it may be risky for your device.
Conclusion
App & browser control helps to secure your PC against malware and other potential threats. You can turn it off if you don’t want such protections. However, it is always good to use them from the security point of view.
Is your SmartScreen Filter turned off? Or do you get the message SmartScreen Filter cannot check this website? If that is so, this post will show you how to enable or disable SmartScreen Filter on Windows 11/10 using the UI, the Group Policy, and the Registry Editor.
For those who don’t know what SmartScreen is, it is a feature that helps detect phishing websites, and can also help protect you from installing malicious software or malware. So whenever you encounter a suspicious site, a warning will be displayed on the browser window to notify the user about the site’s nature and whether the user trusts the site owner/publisher to continue further on the URL provided.
Here, we will show you the following three methods to enable or disable the SmartScreen Filter on Windows 11/10.
- Via Windows 11/10 Settings
- By using the Local Group Policy Editor
- Via the Registry Editor
Let’s see all these methods in detail.
Enable or disable SmartScreen Filter using Windows 11/10 Settings
Use the following steps:
- Open Windows 11/10 Settings.
- Go to Privacy & security > Windows Security.
- Click Open Windows Security.
- Select App & browser control in Windows Security.
- Now, click on the Reputation-based protection settings link.
- Turn on or off the following settings as required:
  - Check apps and files
  - SmartScreen for Microsoft Edge
  - SmartScreen for Microsoft Store apps
Do note that when you turn off the above-mentioned options, you will leave your computer vulnerable.
Via Microsoft Edge
You can also enable or disable SmartScreen Filter in Microsoft Edge Settings. However, when you turn on or off this feature for Microsoft Edge in Windows 11/10 Settings, the feature will automatically be disabled in Edge Settings. Go through the following instructions:
- Open Microsoft Edge.
- Open its Settings by clicking on the three dots on the top right side.
- Select the Privacy, search, and services category from the left side.
- Scroll down to the Security section on the right pane.
Here toggle the Microsoft Defender SmartScreen switch to the Off or On position as required.
Via Internet Properties
You can also open Internet Options/Properties. Go to the Advanced tab and scroll down to the Security category. There, to enable or disable the feature, check or uncheck the box captioned “Enable SmartScreen Filter” and then press OK.
After you enable the feature, it will display a message every time you encounter a suspicious URL.
If you don’t want to use this feature, you can uncheck the checkbox to disable it, but keeping it enabled is highly recommended, since phishing attacks are increasing day by day, increasing the potential threat to confidential information of email accounts.
In the latest version of the Windows 11 operating system, the option to enable or disable SmartScreen Filter is not available in the Internet Properties. Therefore, you have to use Windows 11 Settings for the same.
TIP: You can also quickly bypass the SmartScreen filter and download files, without turning off SmartScreen Filter.
SmartScreen Filter is turned off
You can also enable and disable the SmartScreen Filter via the Local Group Policy Editor and the Registry Editor. This method is also useful if your SmartScreen is turned off or you receive the message that it is disabled by an administrator.
Enable or Turn on SmartScreen Filter using the Local Group Policy Editor
The Local Group Policy Editor is not available in Windows 11/10 Home Edition. Therefore, if you are a Windows 11/10 Home user, you can skip this method.
Open the Run command box (Win + R keys) and type gpedit.msc. Click OK to open the Group Policy Editor. Now, navigate to the following path:
Computer Configuration > Administrative Templates > Windows Components > File Explorer
In the right pane, double-click on Configure Windows SmartScreen to change its settings. In recent Windows 11/10 versions, it is called Configure Windows Defender SmartScreen.
This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy setting, Windows SmartScreen behavior may be controlled by setting one of the following options: Require approval from an administrator before running downloaded unknown software, Give user a warning before running downloaded unknown software or Turn off SmartScreen. If you disable or do not configure this policy setting, Windows SmartScreen behavior is managed by administrators on the PC by using Windows SmartScreen Settings in Action Center.
Enable SmartScreen Filter using Registry Editor
This method requires modifications in the Windows Registry. Therefore, before you proceed, we recommend you create a System Restore Point and back up your Registry. This will help you revert the changes if any problem occurs.
Open the Run command box and type regedit. Click OK and then click yes in the UAC prompt. This will open the Registry Editor.
Now, navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
To easily go to the above-mentioned path, copy and paste it into the address bar of the Registry Editor. Hit Enter after that. In the right pane, you may find a DWORD value EnableSmartScreen.
If this value is not there, create it manually. Make sure that the System key is selected on the left side. Now, right-click in the empty space on the right side and select New > DWORD (32-bit) Value. Rename this newly created value as EnableSmartScreen.
Right-click on the EnableSmartScreen value and select Modify. Enter 0 in its Value data to turn off SmartScreen. Enter 1 in its Value data to turn on SmartScreen.
We have explained different values for EnableSmartScreen below:
- 0: To turn off SmartScreen
- 1: Give the user a warning before running downloaded unknown software
- 2: Require approval from an administrator before running downloaded unknown software.
After modifying the value in the Registry Editor, you need to restart your computer for the changes to take effect. This Registry Editor value will make the SmartScreen option for apps and files greyed out and you will see the following message in Windows Security UI:
This setting is managed by your administrator.
To fix this problem, you have to delete the EnableSmartScreen value in the Registry Editor. But to do this, you need to log into your system as an administrator. Open the Registry Editor and go to the above-mentioned path. Right-click on the EnableSmartScreen value and select Delete. After doing so, restart your computer for the changes to take effect.
That’s it. I hope this helps.
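The registry settings described in the Registry Editor steps earlier on this page (EnableSmartScreen and ShellSmartScreenLevel) and in the value list above can be checked without changing anything. The following PowerShell is an added example, not code from the original articles: the function names are hypothetical, the value meanings are the ones given on this page, and the sample inputs are constructed.

```powershell
# Added example, not from the original articles. Read-only: nothing is written.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Read-SmartScreenPolicy {
    # Hypothetical helper: raw values from the policy key, $null where absent.
    param([string]$Path = $PolicyKey)
    $raw = @{ Enable = $null; Kind = $null; Level = $null }
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $raw }            # key absent: no policy at all
    $names = $key.GetValueNames()
    if ($names -contains 'EnableSmartScreen') {
        $raw.Enable = $key.GetValue('EnableSmartScreen')
        # The value kind matters: the steps on this page create a DWORD.
        $raw.Kind = $key.GetValueKind('EnableSmartScreen').ToString()
    }
    if ($names -contains 'ShellSmartScreenLevel') {
        $raw.Level = [string]$key.GetValue('ShellSmartScreenLevel')
    }
    return $raw
}

function Resolve-SmartScreenPolicy {
    # Pure function, so values collected from other hosts can be judged too.
    param(
        [AllowNull()][object]$Enable,
        [AllowNull()][string]$Kind,
        [AllowNull()][string]$Level
    )
    $state = 'Unknown'; $finding = $false; $note = ''
    if ($null -eq $Enable) {
        $state = 'NotConfigured'
        $note  = 'No policy value; the Windows Security toggles are user-controlled.'
    }
    elseif ($Kind -ne 'DWord') {
        $state = 'InvalidType'; $finding = $true
        $note  = "EnableSmartScreen is of kind '$Kind', expected DWORD (32-bit)."
    }
    else {
        switch ([int]$Enable) {
            0 { $state = 'Off'; $finding = $true
                $note = 'SmartScreen for apps and files is turned off by policy.' }
            1 { if ($Level -eq 'Block') {
                    $state = 'Block'; $note = 'Warning shown and the app is blocked.'
                } else {
                    $state = 'Warn';  $note = 'Warning shown with an option to proceed.'
                } }
            2 { $state = 'RequireAdminApproval'
                $note = 'Administrator approval required for unknown downloads.' }
            default { $finding = $true
                      $note = "Unexpected EnableSmartScreen value: $Enable" }
        }
        if ($Level -and $Level -notin 'Warn', 'Block') {
            $finding = $true
            $note += " ShellSmartScreenLevel '$Level' is neither Warn nor Block."
        }
    }
    [pscustomobject]@{
        State           = $state
        # A present value is what greys out the toggle in Windows Security
        # ("This setting is managed by your administrator.").
        ManagedByPolicy = ($null -ne $Enable)
        Finding         = $finding
        Note            = $note
    }
}

# Constructed sample inputs (not taken from real hosts).
$samples = @(
    @{ Name = 'sample-unmanaged'; Enable = $null; Kind = $null;    Level = $null   },
    @{ Name = 'sample-disabled';  Enable = 0;     Kind = 'DWord';  Level = $null   },
    @{ Name = 'sample-block';     Enable = 1;     Kind = 'DWord';  Level = 'Block' },
    @{ Name = 'sample-wrongtype'; Enable = '0';   Kind = 'String'; Level = 'Warn'  }
)

$rows = foreach ($s in $samples) {
    Resolve-SmartScreenPolicy -Enable $s.Enable -Kind $s.Kind -Level $s.Level |
        Add-Member -NotePropertyName Source -NotePropertyValue $s.Name -PassThru
}

# Live read of the local machine, judged by the same function.
$live = Read-SmartScreenPolicy
$rows += Resolve-SmartScreenPolicy -Enable $live.Enable -Kind $live.Kind -Level $live.Level |
    Add-Member -NotePropertyName Source -NotePropertyValue $env:COMPUTERNAME -PassThru

$rows | Format-Table Source, State, ManagedByPolicy, Finding, Note -AutoSize -Wrap
```

Rows with Finding set to True are the ones to review: SmartScreen turned off by policy, a value of the wrong type, or a level string the page does not list.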
Is Microsoft Defender SmartScreen safe?
Microsoft Defender SmartScreen is completely safe and was developed by Microsoft. This feature is enabled by default. However, if you want, you can disable it in Windows Settings. If this is turned on, it will provide you with phishing protection, malware protection, reputation-based URL and app protection, etc. It also blocks the URLs associated with potentially unwanted applications.
Is disabling SmartScreen safe?
SmartScreen in Windows 11/10 computers protects users from many vulnerabilities. The SmartScreen for Microsoft Edge protects you from visiting malicious websites and downloading malicious files. Therefore, disabling this feature is not safe. Doing so will make your device vulnerable.
Microsoft Defender SmartScreen is available in various Microsoft products and adds an extra/first layer/filter of protection. The core component of Microsoft Defender SmartScreen is protecting against phishing or malware websites/applications. For Windows 11, more features are available, including SmartScreen Enhanced phishing protection.
Microsoft Defender SmartScreen is not part of Defender for Endpoint and is included in the Windows security protection capabilities of the machine.
Blog information:
Blog published: March 2, 2023
Blog latest updated: March 2, 2023
Introduction Defender SmartScreen
Microsoft Defender SmartScreen is a core component of Windows and protects against phishing or malware and downloading of potentially unwanted applications. Some years ago Microsoft started with SmartScreen. SmartScreen was first introduced in Internet Explorer 7, then known as the Phishing Filter. Since Internet Explorer 8 SmartScreen is available as a filter for socially engineered malware.
SmartScreen is cloud-based and nowadays integrated into multiple products:
- Internet Explorer (Legacy)
- Windows Explorer
- Microsoft Edge
- Windows 11 Enhanced Phishing Protection (Windows 11, version 22H2)
How Defender SmartScreen works
Defender SmartScreen protects against phishing/malware and unknown applications. It is not part of the Defender for Endpoint installation, but there are some dependencies/integrations between both products.
Websites
Websites are checked against known indicators or suspicious behavior. Defender SmartScreen determines if the page is suspicious based on the detected behavior on the websites or known indicators.
Websites are checked against a dynamic list of reported phishing sites and malicious sites. When there is a match between the website and the dynamic list it reports the phishing site. This list is based on consumer devices and corporate environments.
Microsoft Defender SmartScreen checks the reputation of any website, application, or web app during the first run.
Downloads
Defender SmartScreen can detect potentially malicious downloaded apps or app installers. Each downloaded file is checked against a list of reported malicious software and unsafe programs classified by Microsoft. When the hash of the downloaded file matches that list, Defender SmartScreen warns the user of a potentially malicious download.
Defender SmartScreen also checks against a list of files that are well-known and downloaded by users (consumer and enterprise). If the file is not commonly detected, it reports a warning during the download.
Downloads are detected for any performed download and are integrated into the Windows 10 operating system.
Why is Defender SmartScreen important?
Defender SmartScreen is an important component when using Defender for Endpoint. When using Microsoft Edge, Defender SmartScreen must be configured for Network Protection to be enabled. The Network Protection component depends on the SmartScreen layer in the Microsoft Edge browser. Other browsers (Chrome, Firefox, Opera, and other third-party browsers) are based on Defender Network Protection itself.
How the network protection flow works
Feature | Microsoft Edge | 3rd-party browsers | Non-browser processes (e.g. PowerShell) |
---|---|---|---|
Web Threat Protection | SmartScreen must be enabled | NP has to be in block mode | NP has to be in block mode |
Custom Indicators | SmartScreen must be enabled | NP has to be in block mode | NP has to be in block mode |
Web Content Filtering | SmartScreen must be enabled | NP has to be in block mode | Not supported |
SmartScreen is built directly into Microsoft Edge and is responsible for Web Content Filtering, Custom Indicators, and Cloud App Rules. Enabling only Network Protection is not enough to get network protection in Microsoft Edge: with Network Protection alone, Microsoft Edge browsers are not protected.
Image source: Microsoft
Block result: SmartScreen (MS Edge)
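The dependency in the table above can be checked on a device. The following PowerShell is an added example, not code from the original blog: it reads the Network Protection mode from Get-MpPreference and the Edge SmartScreenEnabled policy value, then reports which surfaces are covered. The function name is hypothetical, the sample combinations are constructed, and the Edge policy location HKLM:\SOFTWARE\Policies\Microsoft\Edge is an assumption not stated on the page.

```powershell
# Added example, not from the original blog. Read-only: nothing is written.
$EdgePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'   # assumed policy location

function Get-WebProtectionCoverage {
    param(
        [AllowNull()][object]$EdgeSmartScreen,  # Edge policy SmartScreenEnabled; $null = not set
        [int]$NetworkProtection = 0             # Get-MpPreference: 0 off, 1 block, 2 audit
    )
    # Edge column of the table: SmartScreen must be enabled.
    if ($null -eq $EdgeSmartScreen) {
        $edge = 'not enforced: SmartScreen is left to the user'
    } elseif ([int]$EdgeSmartScreen -eq 1) {
        $edge = 'covered'
    } else {
        $edge = 'NOT covered: SmartScreen disabled by policy'
    }
    # Other columns: Network Protection (NP) has to be in block mode.
    $np = switch ($NetworkProtection) {
        1       { 'covered' }
        2       { 'NOT covered: NP is in audit mode, not block mode' }
        default { 'NOT covered: NP is disabled' }
    }
    foreach ($feature in 'Web Threat Protection', 'Custom Indicators', 'Web Content Filtering') {
        [pscustomobject]@{
            Feature            = $feature
            MicrosoftEdge      = $edge
            ThirdPartyBrowsers = $np
            # Web Content Filtering is not supported for non-browser processes.
            NonBrowserProcess  = if ($feature -eq 'Web Content Filtering') { 'not supported' } else { $np }
        }
    }
}

# Constructed combinations (not real devices): the second one is the gap the
# text describes, Network Protection in block mode while Edge SmartScreen is off.
'--- constructed: Edge SmartScreen on, NP in audit mode ---'
Get-WebProtectionCoverage -EdgeSmartScreen 1 -NetworkProtection 2 | Format-Table -AutoSize -Wrap
'--- constructed: Edge SmartScreen off, NP in block mode ---'
Get-WebProtectionCoverage -EdgeSmartScreen 0 -NetworkProtection 1 | Format-Table -AutoSize -Wrap

# Live read of the local device.
$edgePolicy = (Get-ItemProperty -Path $EdgePolicyKey -Name 'SmartScreenEnabled' `
                   -ErrorAction SilentlyContinue).SmartScreenEnabled
try   { $npMode = [int](Get-MpPreference -ErrorAction Stop).EnableNetworkProtection }
catch { $npMode = 0 }   # Defender cmdlets unavailable: report NP as disabled

"--- live: $env:COMPUTERNAME ---"
Get-WebProtectionCoverage -EdgeSmartScreen $edgePolicy -NetworkProtection $npMode |
    Format-Table -AutoSize -Wrap
```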
Where to configure Defender SmartScreen?
Currently, there are multiple methods where Defender SmartScreen can be configured. Intune and GPO are common for configuring SmartScreen. This blog is focussing on the deployment using Intune.
Intune settings
In Intune, SmartScreen configurations are located everywhere (security baselines, device restriction profiles, custom catalog, endpoint security profiles). My personal preference is to configure all the settings of a feature in one profile instead of spreading a feature/configuration over multiple profiles. This makes management easier and helps avoid possible conflicts.
In this blog post, I will configure SmartScreen via Microsoft Intune custom catalog profiles and configure the following profiles:
- SmartScreen base settings
  - SmartScreen for Explorer
  - SmartScreen for Microsoft Edge
  - SmartScreen potentially unwanted app blocking
- SmartScreen Phishing protection Windows 11 (only available since Windows 11 22H2)
  - Malicious apps and sites warning
  - Warn about password reuse
  - Warn about unsafe password storage
Intune base settings (Edge/ Explorer)
For the configuration of the first profile go to Intune and create the first Settings catalog profile:
- First, sign in to the Intune Portal and go to Devices > Windows > Configuration Profiles. Select Create Profile.
- Select Platform as Windows 10 and later and Profile Type as Settings catalog and click Create
- Specify the name and optionally add a description
The Intune settings catalog makes it possible to configure all related settings needed for Microsoft Defender SmartScreen. In the Configuration settings window, select Add settings and type Defender SmartScreen.
Select the following settings in the settings picker selection:
- Administrative Templates\Windows Components\File Explorer
  - Configure Windows Defender SmartScreen
- Microsoft Edge\SmartScreen settings
  - Configure Microsoft Defender SmartScreen
  - Configure Microsoft Defender SmartScreen to block potentially unwanted apps
  - Enable Microsoft Defender SmartScreen DNS requests
  - Force Microsoft Defender SmartScreen checks on downloads from trusted sources
  - Prevent bypassing Microsoft Defender SmartScreen prompts for sites
  - Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
Configure the following settings:
Setting | Value | Explanation |
---|---|---|
Configure Microsoft Defender SmartScreen | Enabled | This policy needs to be enabled so Microsoft Defender SmartScreen is turned on and cannot be disabled by the end user. |
Configure Microsoft Defender SmartScreen to block potentially unwanted apps | Enabled | This policy needs to be enabled to block potentially unwanted apps based on low-reputation scores. |
Enable Microsoft Defender SmartScreen DNS requests | Enabled | With this policy, Microsoft Defender SmartScreen is allowed to create DNS requests to get the IP address and use it for the IP-based protection layer. |
Force Microsoft Defender SmartScreen checks on downloads from trusted sources | Enabled | With this policy enabled, Defender SmartScreen always checks the download reputation, including for downloads from trusted sources. |
Prevent bypassing Microsoft Defender SmartScreen prompts for sites | Enabled | Users cannot bypass the Microsoft Defender SmartScreen warnings for potentially malicious websites. |
Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | Enabled | Users cannot bypass the Microsoft Defender SmartScreen warnings for unverified downloads. |
File Explorer | | |
Configure Windows Defender SmartScreen | Enabled | With this policy, Microsoft Defender SmartScreen is enabled for File Explorer in Windows. |
Pick one of the following settings (device) | Warn and prevent bypass | Users cannot bypass the Microsoft Defender SmartScreen warnings for unverified downloads. |
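To verify on a test device that the profile arrived, the following check (an added example, not part of the original post) compares the local policy values with the table above and also reports the Network Protection mode that 3rd-party browsers and non-browser processes depend on. It assumes the Intune profile writes to the same registry policy keys as the equivalent Group Policy and Microsoft Edge policies; the function name Test-SmartScreenPolicy is hypothetical.

```powershell
# Added example: audit the SmartScreen policy values from the table above.
# Assumption: the Intune settings catalog profile lands in the registry policy
# keys used by the equivalent Group Policy / Microsoft Edge policies.
$edgeKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$shellKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

# Expected value per policy (1 = Enabled; 'Block' = Warn and prevent bypass).
$expected = @(
    @{ Key = $edgeKey;  Name = 'SmartScreenEnabled';                       Value = 1 }
    @{ Key = $edgeKey;  Name = 'SmartScreenPuaEnabled';                    Value = 1 }
    @{ Key = $edgeKey;  Name = 'SmartScreenDnsRequestsEnabled';            Value = 1 }
    @{ Key = $edgeKey;  Name = 'SmartScreenForTrustedDownloadsEnabled';    Value = 1 }
    @{ Key = $edgeKey;  Name = 'PreventSmartScreenPromptOverride';         Value = 1 }
    @{ Key = $edgeKey;  Name = 'PreventSmartScreenPromptOverrideForFiles'; Value = 1 }
    @{ Key = $shellKey; Name = 'EnableSmartScreen';                        Value = 1 }
    @{ Key = $shellKey; Name = 'ShellSmartScreenLevel';                    Value = 'Block' }
)

function Test-SmartScreenPolicy {
    param([hashtable[]]$Settings)
    foreach ($s in $Settings) {
        # A missing key or value means the policy is not applied: non-compliant.
        $item   = Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($s.Name) } else { $null }
        [pscustomobject]@{
            Policy    = $s.Name
            Expected  = $s.Value
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($null -ne $actual) -and ("$actual" -eq "$($s.Value)")
        }
    }
}

$report = @(Test-SmartScreenPolicy -Settings $expected)

# Network Protection mode: 0 = disabled, 1 = enabled (block), 2 = audit.
$np = (Get-MpPreference).EnableNetworkProtection
$report += [pscustomobject]@{
    Policy = 'EnableNetworkProtection'; Expected = 1; Actual = $np; Compliant = ($np -eq 1)
}

$report | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; a row with `<not set>` usually means the profile has not synced yet or is assigned to a different group.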
Warn and prevent bypass vs Warn
Good to know: there is a difference in the type of protection/prevention. Defender SmartScreen can be configured with one of two preferences, Warn and prevent bypass or Warn. What is the difference between the values?
Warn and prevent bypass – there is no option for the user to skip the warning message. It is not possible to bypass the warning and open the file/ website/ app.
Download warn and prevent bypass experience
Website warn and prevent bypass experience
Warn – The SmartScreen warning is visible when there is suspicious activity, but the user is allowed to bypass the warning and go to the website/ download the file. The warning is always visible.
Download warn experience
Website warn experience
SmartScreen Phishing protection Windows 11
Since Windows 11 version 22H2, enhanced phishing protection is available in the SmartScreen component. Enhanced phishing protection helps protect work accounts against phishing and detects/protects against unsafe usage on sites and apps. A nice one is the plaintext warning, shown when passwords are stored in plaintext (in Notepad, Word, or any other Microsoft 365 app, for example).
The new SmartScreen Phishing protection feature is part of the WebThreatDefense policy type in Defender. The best practice in Intune is to use the Settings Catalog for the configuration of the new settings.
For the configuration of the first profile go to Intune and create the first Settings catalog profile:
- First, sign in to the Intune Portal and go to Devices > Windows > Configuration Profiles. Select Create Profile.
- Select Platform as Windows 10 and later and Profile Type as Settings catalog and click Create
- Specify the name and optionally add a description
The Intune settings catalog makes it possible to configure all related settings needed for Microsoft Defender SmartScreen. In the Configuration settings window, select Add settings and type Enhanced Phishing Protection.
Select the following settings in the settings picker selection:
- Enhanced Phishing Protection
  - Notify Malicious
  - Notify Password Reuse
  - Notify Unsafe App
  - Service Enabled
Configure the following settings:
Setting | Value | Explanation |
---|---|---|
Service Enabled | Enabled | Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. All telemetry will be sent through Microsoft Defender. Enable = passive mode. |
Notify Malicious | Enabled | Warns the user in the following situations: into a reported phishing site; into a Microsoft login URL with an invalid certificate; into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate. When enabled, notifications are enabled for the user. |
Notify Password Reuse | Enabled | Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they reuse their work or school password. When enabled, notifications are enabled for the user. |
Notify Unsafe App | Enabled | Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school passwords in Notepad, Winword, or M365 Office apps. When enabled, notifications are enabled for the user. |
Test: Unsafe app
Testing the enhanced phishing protection is easy. The notification for the unsafe app can be triggered by typing the work password in text apps. When the password is copied, a notification is visible with the text: “It’s unsafe to store your password in this app”
Test: Password reuse
Currently, there is no whitelist available for specific apps. In some situations, there are false positives when there is no full SSO experience and the account password is used to sign in with the same password.
Test: Notify Malicious
Notify Malicious warns users when their work/school passwords are used on websites:
– Into a reported phishing site
– Into a Microsoft login URL with an invalid certificate
– Into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate
Simulation is a bit difficult because it depends on a reported phishing site or a Microsoft login URL with an invalid certificate.
Test SmartScreen features
Use the SmartScreen demo site for testing the configured SmartScreen configurations for Microsoft Edge and Windows Explorer.
The demo site is available via: demo.wd.microsoft.com
Test the Defender SmartScreen URL Reputation and App Reputation features.
URL reputation
Test the following features in Microsoft Edge.
- Phishing page
- Malware page
- Blocked download
App reputation
Test the following features in Microsoft Edge.
- Unknown program (warning when bypass is possible)
- Known Malware (block)
Available data in Defender for Endpoint
Using Defender for Endpoint Advanced Hunting, it is possible to find the SmartScreen data in Defender for Endpoint. The DeviceEvents table includes the action type SmartScreenAppWarning.
SmartScreen action types in DeviceEvents |
---|
SmartScreenAppWarning |
SmartScreenExploitWarning |
SmartScreenUrlWarning |
SmartScreenUserOverride |
KQL query for showing all SmartScreenAppWarning/SmartScreenUrlWarning events. The AdditionalFields column contains the experience (Untrusted/Phishing/Malicious/Exploit/CustomBlockList).
DeviceEvents
| where ActionType has_any('SmartScreenAppWarning','SmartScreenUrlWarning')
| extend TriggerReason = parse_json(AdditionalFields).Experience