How the SmartScreen Filter Works in Windows 8 and 10

The SmartScreen filter built into Windows 8 and 10 blocks dangerous programs, files, and websites from running. It also warns you before you run an application it doesn’t recognize as safe.

SmartScreen is a useful security feature that protects your PC, but it may occasionally warn you before you run a legitimate application if SmartScreen hasn’t seen it before. This feature does report some information to Microsoft so it can function.

How SmartScreen Works

At the operating system level, SmartScreen functions by sending information about every application you download and run to Microsoft’s servers. If the application is something legitimate and fairly popular, like Google Chrome or Apple iTunes, Windows will allow it to run. If it’s something Microsoft knows is harmful, Windows will prevent it from running.

If the application is something SmartScreen isn’t familiar with, you’ll see warning message saying that Windows prevented an unrecognized app from starting. You can choose to bypass this message at your own risk, if you’re confident the application is safe.

This operating system level protection works no matter where the application or file comes from. So, if you download an application in Google Chrome, Google’s Safe Browsing service will check if the application is safe. Then, when you try to run it, Windows SmartScreen will check if the application is safe. If that’s all good, Windows Defender or whatever other antivirus you have installed will check whether the application is dangerous. SmartScreen is just another layer of protection.

On Windows 10, SmartScreen also blocks malicious websites and downloads in Microsoft Edge and Windows Store apps, just as the Google Safe Browsing service blocks access to dangerous websites in Chrome and Firefox.

How to Run an Unrecognized Application

If SmartScreen knows an application you download is dangerous, it will refuse to run it and tell you the application was blocked because it is dangerous.

However, SmartScreen will also prevent unknown applications from running. If you try to run an application SmartScreen doesn’t recognize, you’ll see a message saying “Windows protected your PC” and inform you that running the application could put your PC at risk.

SmartScreen may be unfamiliar with the application because it’s a new and exotic malware program, or it may just be because it’s a niche program few people use. If you’re confident the program you want to use is safe, you can click the “More info” link in this popup and then click “Run anyway” to bypass the SmartScreen warning.

What About Privacy?

SmartScreen has to talk to MIcrosoft’s servers to check whether the applications you download are safe or not. Microsoft lists all the information SmartScreen sends here. When you download an application, Windows sends the download URL, a hash of the full application file, digital signature information, file size, hosting IP address, and “some additional data” to the application reputation service. The service then responds and tells SmartScreen whether the file is known-good, known-bad, or unknown.

When you visit a website in Microsoft Edge, Windows checks the address against a downloaded list of high-traffic, popular web addresses stored on your PC. If it matches, Windows doesn’t check it any further. If the address doesn’t appear in the list, Windows sends the address to the URL reputation service. The service then responds and tells SmartScreen whether the website is known to be dangerous or not. If it is, Microsoft Edge displays a warning message. This is similar to how the Google Safe Browsing service works in Google Chrome, Mozilla Firefox, and Apple Safari.

Some people have raised concerns that Microsoft could track which applications particular PCs run. Microsoft responded to these concerns, saying they’re not building a database of programs linked to specific users:

“We can confirm that we are not building a historical database of program and user IP data. Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties.”

At the end of the day, SmartScreen is a security feature, so we recommend keeping it around.

How to Disable SmartScreen

Many people, however, will want to disable SmartScreen. Again: we don’t recommend doing so, as it’s a helpful additional layer of security that can protect your PC. SmartScreen still allows you to run unknown applications — it just takes two additional clicks. And, if SmartScreen blocks something, it’s almost guaranteed to be a malicious program you shouldn’t run.

However, you can disable SmartScreen if you want to. On Windows 10’s Creators Update, you’ll find SmartScreen options at Windows Defender Security Center > App & browser control. On Windows 8, you’ll find these options at Control Panel > System and Security > Action Center > Security > Windows SmartScreen.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Twitter.