Network Security

In this lesson we will talk about the “SmartScreen Filter” – yet another Windows security feature that has a slightly different name depending on the application and the operating system you are using. But that’s why we are here to clarify everything, so don’t worry, you will soon understand what’s up with this feature.

In order to do that, we will start by sharing all the names this feature may have in different apps and Windows versions. After, you will learn what this security feature does and how it keeps you safe from malicious websites and files. You will also learn how Windows 8.x integrates this feature into the operating system – a subtle but important change which makes these operating systems safer than their predecessors.

Next, you will learn all the warning messages displayed by the SmartScreen Filter, how to interpret them and how to deal with them. You will also see how you can contribute and keep the web a safer place by reporting unsafe websites and web pages to Microsoft.

Last but not least, you will learn how to configure the SmartScreen Filter both in Windows 7 and Windows 8, so that it works the way you want to. By the time you’re finished, you will have complete mastery over SmartScreen and be able use it fully to your advantage.

What is the SmartScreen Filter in Windows?

The SmartScreen Filter, also known as Microsoft SmartScreen or Windows SmartScreen, depending on where you encounter it, is a security feature that was first developed for Internet Explorer. It was first introduced in Internet Explorer 8 and has been further developed and expanded ever since. All modern versions of Internet Explorer include this feature as well as Windows 8.x operating systems, which has it as part of the operating system itself.

The SmartScreen Filter analyzes all the web pages that you are visiting and the files that you are trying to download or run. If it finds them as being suspicious, you are informed about the possible risks you are exposing yourself to.

SmartScreen also has a dynamic list of reported phishing sites and malicious sites and files. If it finds a match against its database, SmartScreen will block access to the web page you are visiting or the file that you are trying to download.

SmartScreen also has an application reputation algorithm built-in, which evaluates the reputation of every file that you are downloading or running. If a file is not commonly used by other users of Microsoft products, then you are warned that you are about to download or run a potentially unsafe file.

As mentioned earlier, Windows 8.x operating systems have SmartScreen filtering at the desktop level, performing reputation checks by default on any file or application that you downloaded from the Internet. Unfortunately, this feature is not available in Windows 7. Users of that operating system are protected only when they are using Internet Explorer 8 or later.

According NSS Labs (a security research and advisory company), due to the SmartScreen Filter, Internet Explorer is the most effective browser in blocking access to socially engineered malware, with an average block rate of 99.9 percent (Source)!

How to Work with the Warnings Displayed by the SmartScreen Filter

There are several types of messages displayed by the SmartScreen Filter, depending on what you are accessing and from where. For example, if you are using the touch version of Internet Explorer 11 from Windows 8.1 and you are trying to visit a website that has been reported as unsafe, the SmartScreen Filter will block your access in a very visible way.

If you want to learn more about why you’re being warned away from that website and you press “More information,” you’ll see the types of threats that were identified on that website.

At this step you can report that the site no longer contains any threats (if that is the case and you are sure about it) or you can disregard the warning and continue to that website. Obviously, we recommend that you do not do this for your own protection. In our use of the SmartScreen Filter, we have never encountered false alarms.

The desktop version of Internet Explorer shows a very similar warning. The only difference is that you are given the option to visit your browser’s homepage instead of the page you have typed in the address bar.

If you click on “More information,” you are given the exact same options as in the touch version of Internet Explorer.

When you try to download a file that it is identified by the SmartScreen Filter as unsafe, the download is blocked and you are informed about it. This is how the warning message is looks like in the touch version of Internet Explorer.

Below you can see the same message for the same malicious file, in the desktop version of Internet Explorer.

Unlike what SmartScreen does when you visit malicious websites, you cannot continue with the download when a file is blocked and you cannot report it as being safe. The only thing you can do is close the warning.

Earlier we mentioned an application reputation algorithm being used by the SmartScreen Filter. When you download a file from the Internet and that file is not commonly downloaded and used by other Internet Explorer users, the file is downloaded but when the download is done, you are informed that the file is not commonly downloaded and could harm your computer.

You can run the file or delete it from your computer. Our advice is that, when you see this warning, first scan that file with an antivirus to confirm that everything is okay before running the file.

Below you can see the same warning as it shown in the desktop version of Internet Explorer.

Last but not least, we mentioned that the SmartScreen Filter is now embedded into Windows 8.x operating system. Basically, each time you run a file from your computer, it is automatically checked by the SmartScreen Filter to see whether it is safe or not.

When the SmartScreen Filter is not convinced that the program or app you are trying to start is safe, you are shown a warning. At this step, scan that file with an antivirus, to confirm that everything is okay, then try to run it again and click or tap “More info.”

You are shown additional information like the publisher of that file and the app/program name. Click or tap “Run anyway” and the file is run normally.

Now that you know how the SmartScreen Filter protects you and the kinds of warnings it displays, let’s see how you can contribute to this service and report unsafe websites you encounter on the Internet.

How to Report Unsafe Websites in Internet Explorer

If you encounter a web site or web page that is unsafe to you and other users, you can easily report it in Internet Explorer so that someone from Microsoft analyses it and it is added to the SmartScreen database, if appropriate.

In order to do this, click the “Tools” button found on the upper-right corner of the Internet Explorer window, go to “Safety” and select “Report unsafe website.”

The “Report a website” form is loaded in another Internet Explorer window. Here you can select why you think the visited website or web page is unsafe and the language used by it, then enter the characters you see in the captcha challenge and hit “Submit.”

The web page or the web site you have visited is now reported as a possibly unsafe website and someone from the Microsoft SmartScreen team will analyze your report.

Configuring the Way the SmartScreen Filter Works

In Windows 8.x operating systems, you can easily configure the way the SmartScreen Filter works. With one setting, you can change its behavior both in Internet Explorer and the operating system itself.

To do this, open the Control Panel and go to “System and Security.” There, click or tap “Action Center.”

On the column on the left you will see a link that says “Change Windows SmartScreen settings.”

The “Windows SmartScreen” window is now opened. Here you can choose one of three options:

  • Get administrator approval before running an unrecognized app from the Internet – this is the default setting and it means that only user accounts that are set as administrators can bypass the warnings shared by the SmartScreen Filter.
  • Warn before running an unrecognized app, but don’t require administrator approval – with this setting you allow user accounts that are not administrators to bypass the warnings shared by the SmartScreen Filter.
  • Don’t do anything – the SmartScreen Filter is turned off and it no longer works both in Windows 8.x and in Internet Explorer.

In order to apply your setting, don’t forget to click or tap “OK.”

If you are using Windows 7, you can turn the SmartScreen Filter on or off in Internet Explorer. To do this, go to the “Tools” menu on the upper-right corner. Select “Safety” and then “Turn off SmartScreen Filter” (if it is on) or “Turn on SmartScreen Filter” (if it is off).

The “Microsoft SmartScreen Filter” window is shown where you can enable or disable this security feature. In order to apply the change, click “OK.”

The SmartScreen Filter is now enabled or disabled, depending on the choice you have made.

Coming up next …

In the next lesson we will learn about the Action Center and its role in keeping Windows running smoothly and securely.