The Windows Process Journey — smartscreen.exe (Windows Defender SmartScreen)

“smartscreen.exe” is an executable which is the “Windows Defender SmartScreen”. The executable is located at “%windir%\System32\smartscreen.exe” (On 64 bit systems there is only a 64 bit version with no 32 bit version — in contrast to other executables such as cmd.exe).

SmartScreen is a cloud-based anti-phishing/anti-malware component which is included in different Microsoft products such as: Windows, Internet Explorer and Microsoft Edge (https://en.wikipedia.org/wiki/Microsoft_SmartScreen).

Microsoft Defender SmartScreen helps with determining whether a site is potentially malicious and by determining if a downloaded application/installer is potentially malicious. We can sum up the benefits of SmartScreen as follows: anti-phishing/anti-malware support, reputation-based URL/application protection, operating system integration, ease of management using group policy/Microsoft Intune and blocking URLs associated with potentially unwanted applications. (https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).

In order to demonstrate the working of SmartScreen I have tried to download (using Edge) — you can see the warning in the left side of the screenshot below. Moreover, after downloading it using a different browser I have executed the EICAR test file — you can see the result in the left side of the screenshot below. By the way, the EICAR (European Institute from Computer Antivirus Research) test file was created to test the response of AV software (https://en.wikipedia.org/wiki/EICAR_test_file).

Lastly, we can enable/disable SmartScreen using the settings window, bot for the OS/browser (https://www.digitalcitizen.life/how-disable-or-enable-smartscreen-filter-internet-explorer-or-windows-8/). See you next time ;-)

You can also follow me on twitter — @boutnaru (https://twitter.com/boutnaru).