SmartScreen Application Reputation, with Pictures

Last Update: Sept 3, 2025

I’ve previously explained how Chromium-based browsers assign a “danger level” based on the type of the file, as determined from its extension. Depending on the Danger Level, the browser may warn the user before a file download begins in order to confirm that the user really wanted a potentially-dangerous file.

Deep in that article, I noted that Edge and Chrome can override the danger level for specific files based on the result of reputation checks against their respective security services (SmartScreen for Edge, SafeBrowsing for Chrome).

Stated another way, reputation services don’t just block download of known-unsafe files, they also smooth the download flow for known-safe files.

SmartScreen Application Reputation (AppRep) is a cloud service that maintains reputation information on billions of files in use around the world, and uses that reputation information to help keep users’ devices and personal information safe. It enhances the legacy Windows Attachment Manager security feature that shows warnings for dangerous files opened from the Internet.

To see what SmartScreen AppRep looks like, consider the case of downloading a trustworthy .EXE installer file (the Edge Canary setup program) in Edge with SmartScreen disabled and enabled.

Scenario: “Good” File

With SmartScreen disabled, we see a warning from the browser that the file could harm your device, because the .exe file type which has a danger level of ALLOW_ON_USER_GESTURE and I haven’t visited this download site before today1 in this browser profile:

Danger Level: ALLOW_ON_USER_GESTURE, not overridden

In contrast, if we enable SmartScreen and try again, this time, the new download MicrosoftEdgeSetupCanary (5).exe is not interrupted by a warning:

Default Danger Level overridden to “Allow” by SmartScreen AppRep

The new download’s default danger level was overridden by the result of SmartScreen’s reputation check on the downloaded file’s signature and hash. The result indicated that this is a known-safe signer or file:

Scenario: “Bad” File

Now, consider the case the file is known to Microsoft to be malware. If SmartScreen isn’t enabled, there’s know way for Edge to know the file is bad, so users see the same security prompt as they saw for a “Good” file:

On the other hand, if SmartScreen is enabled, AppRep reports the file is bad and the user gets a block notice in Edge.

A user may choose to override the block by choosing Keep from the context menu:

If the user chooses to Keep the file, an explanatory confirmation dialog is presented:

Scenario: “Unknown”/”Uncommon” File

In some cases, SmartScreen doesn’t have enough information to know if a file is good or bad.

If SmartScreen is disabled in Edge, the user sees the same old dialog as they saw for “Good” and “Bad” files:

However, if SmartScreen is enabled, the user sees a notice warning them that the file is uncommon

The user may elect to keep the file:

If the user chooses to Keep the file, an explanatory confirmation dialog is shown:

Windows Shell Integration

Beyond the integration into Edge, SmartScreen Application Reputation is also built into the Windows Shell. Even when you download an executable file using a non-Edge browser like Firefox or Chrome, the file is tagged with a Mark-of-the-Web (MotW).

When a MotW-adorned file is executed via the ShellExecute() API, such as when the user double-clicks in Explorer or the browser’s download manager, the SmartScreen AppRep service evaluates the file if its extension is in the list of AppRep-supported file types (.appref-ms .bat .cmd .com .cpl .dll .drv .exe .gadget .hta .js .jse .lnk .msi .msu .ocx .pif .ps1 .scr .sys .vb .vbe .vbs .vxd .website .wsf .docm).

If the file has a known “Good” reputation, no security prompt is shown. However, if it is malicious or unknown, a prompt will warn or block the file:

Prompt when AppRep service reported Unknown
Prompt when AppRep service reported Malware

In various cases, the legacy Windows Attachment Execution Services (AES) security prompt is shown instead:

… if any of the following are true:

  • If SmartScreen is disabled via the Windows Security toggle > Reputation-based Protection > Check apps and files
  • If the file’s extension is deemed High Risk but is not in the supported extensions list built into the AppRep client (.appref-ms .bat .cmd .com .cpl .dll .drv .exe .gadget .hta .js .jse .lnk .msi .msu .ocx .pif .ps1 .scr .sys .vb .vbe .vbs .vxd .website .wsf .docm)
  • If the AppRep web service responds that it does not support the specific file (e.g. as of fall 2025, an Unsupported result is expected for all .cmd, .bat, and some .js files).
  • If the invoker used the SEE_MASK_NO_UI flag when calling ShellExecuteEx
  • If the file is not located on the local machine (e.g. when running a file directly from a network share using a UNC path like \\server\share\file.exe)

If the downloaded file is manifested to “Run as Administrator”, the AES dialog isn’t shown, in favor of the UAC Elevation dialog which, somewhat unfortunately, looks less scary:

User Account Control Elevation prompt for a signed file

Scenario: User Overrides

Unless a Policy is set, the user may “click through” the warning by clicking “More Info” and then click “Run anyway.”

Scenario: Offline

If the device happens to be offline (or SmartScreen is otherwise unreachable), a local version of the dialog box is shown instead:

A Note About Windows Settings

SmartScreen’s shell integration is controlled by the Security Settings > Reputation Based Protection > Check apps and files setting:

When On, SmartScreen checks are enabled. However, you may be surprised to notice that even with this setting toggled to Off, you can still get SmartScreen warnings:

The reason is that there’s a different Windows setting, titled Choose where to get apps, and if that setting is set to either of the “Anywhere, but...” options:

… then SmartScreen is also consulted (the “Choose where to get apps” feature is implemented by calling the same web service).

A Note about Invokers

Calls to display the Windows Shell Security prompts shown above:

1) Attachment Execution Services prompt (introduced circa 2000)
2) SmartScreen AppRep prompting (introduced circa 2010 & 2018)

…are integrated into the ShellExecuteEx API, and not into other APIs like CreateProcess.

As a consequence, execution of files bearing a Mark-of-the-Web does NOT trigger security prompts or SmartScreen Web Service checks when the invoker does not call ShellExecute(). The most common such invocation is CreateProcess, which is the launch mechanism used by cmd.exe and PowerShell.

Relationship to Microsoft Defender Antivirus

Notably, SmartScreen AppRep is not antivirus. For example, if you append one byte at the end of a malicious file, its hash will change, and its reputation will move from Malicious to Unknown.

In contrast to SmartScreen AppRep, Microsoft Defender Antivirus (MDAV) is a next-generation antivirus product that scans files and observes process behavior to detect malicious code before and during execution. Unlike AppRep, MDAV can detect even previously unknown malware files by scanning them for malicious signatures and behavior.

Relationship to Microsoft Defender for Endpoint

Some Microsoft Defender for Endpoint (MDE) customers would like to suppress SmartScreen AppRep warnings on files they trust. They typically try to do so using an Allow indicator on the file’s hash or certificate.

Unfortunately, this technique does not work today– SmartScreen AppRep does not take MDE’s Custom Indicators into account.

Instead, your best bet is to ensure that the source of your trusted files is a site that has been added to Windows’s Trusted Sites or Local Intranet security zones; you can do so using the Internet Control Panel UI, or Group Policy. When you do this, files copied/downloaded from the target site will no longer be tagged with an Internet Zone Mark-of-the-Web (MotW). Without the MotW, SmartScreen checks will not be run.

Relationship to WDAC/AppControl for Business

If you enable Application Control in “signed and reputable” mode:

…and if a binary has a MotW, WDAC will check with SmartScreen AppRep for a reputation. Critically and surprisingly to some customers, however, if SmartScreen returns Unknown, and the user gets the blue prompt, the user can say “Run anyway” and WDAC will treat that action as if SmartScreen had said the file was reputable.

Relationship to Smart App Control

When Smart App Control is enabled, SmartScreen AppRep is disabled.

A Note about Reputation

The Application Reputation service builds reputation based on file hashes and the certificates used to sign those files. Because every update to a file changes its hash, this means that new files that are unsigned have no reputation by default. As a consequence, to avoid unexpected security warnings, a best practice for software developers is to sign your software using an Authenticode certificate. Because your certificate can be used to sign files for years, it will accumulate reputation that will accrue to files you sign in the future. Note that, from ~2013 to ~2019, all files signed by an Extended Validation Authenticode Certificate were given a “positive” reputation by default, but that is no longer the case — each certificate must build reputation itself.

While SmartScreen only checks the reputation of the main file that the user executes (aka its “entry point”), you should sign all files to help protect them from tampering, and to ensure your app works correctly when Windows 11’s Smart App Control feature is enabled. The Windows 11 Smart App Control feature goes further than SmartScreen and evaluates trust/signatures of all code (DLLs, scripts, etc) that is loaded by the Windows OS Loader and script engines. It also blocks certain file types entirely if the file in question originated from the Internet.

-Eric

[1] When testing this yourself, you might find that you unexpectedly still don’t get a security prompt for some files even after SmartScreen is disabled. The logic for ALLOW_ON_USER_GESTURE is quite subtle, and includes things like “Did you ever previously visit the site that triggered this download before today?

Try using the “Clear Browsing History” command (Ctrl+Shift+Del) to clear Browser History/caches before trying this scenario.

Divorce – 18 Months In

I got separated in March 2020 and finally divorced in January 2022. It was a long time in coming, but it wasn’t awesome.

In hindsight, I disassociated a bit, spreading the pain out over time rather than feeling it all at once. Immediately after our separation, I could easily distract myself for months by getting the new house in order, but I soon found myself with more time on my hands than I’d had in over a decade. The pandemic and lockdowns soon set everything askew.

I didn’t keep my separation or divorce a secret (even mentioning it here to anyone who reads my entire posts), and acquaintances I’ve known for years or decades came out of the woodwork to privately share their stories about troubled relationships. A year after we separated and a year before the final divorce paperwork, I wrote a post-mortem of my marriage, including some thoughts on the impact of social media. I challenged myself — was thinking and talking about the end of my marriage helping or hurting my mood? When I felt down, I tried to tease apart whether I was missing her, vs. missing being married at all.

Throughout 2022, I saw a counsellor on my company health plan because, well, I got divorced, and that’s what you do. I enjoyed our sessions, but mostly I just talked. And talked. And talked. I probably spoke for 55 minutes of every hour. At the end of 2022, the company switched health plan providers. My counsellor wasn’t in the new network, so further appointments would cost me around a hundred bucks an hour. While continuing our sessions might be worth it, I figured that for that much, I might find a massage and walk outside with coffee more effective for my mental health anyway. I changed my mind after my Kilimanjaro trip and decided to restart our sessions — they’re worth it.

To move forward, I knew I’d have to be more proactive about my life’s choices than I’d been in a long time. I challenged myself with each decision:What do you want more“? And I knew that moving forward meant that I needed to get comfortable with being uncomfortable. I adopted some mottos which now adorn my walls: Memento Mori. Tempus Fugit. Don’t get dead.

I started blogging more — writing is thinking, and creation is important to me. I started eating better and working out, losing 50 pounds. I made sure that I went outside every day, because “touching grass” inevitably improves my mood. I started spending money on things I wanted (house, furniture, electric car, vacations, home solar, exercise equipment) rather than trying to hoard a larger and larger pile, making a number get bigger on some website. I got a housemate, both because living with a friend is fun, and to help ensure that in a few years I wouldn’t find myself unable to live with other people. I started being more deliberate about calling family and friends to stay connected.

ProjectK gave me a guiding star on the horizon; an ambitious but achievable goal which would require achieving many sub-goals, and which would prove that I can “do big things.” Now that I’ve completed the project, I am noodling over what to pursue next.

One bittersweet element of all of these changes is my recognition that, had I made some of them earlier, at the expense of taking far more time “for myself,” I would’ve been a better and more interesting partner in my marriage.

I love my kids, and when I think back on my marriage, I try to focus my feelings toward gratitude rather than sadness.

Life is a series of ups and downs, and I have to remind myself of that almost every day.

Kilimanjaro – Coffee Tour

I woke up at 8am after a rough night’s sleep, awake for at least an hour around 3:30am, full of worries and nostalgia. Eight seemed a bit too early so I reset my watch’s alarm for 8:15, but either I failed to do so correctly or I slept through it, waking abruptly at 9 when my brother flipped on the room’s overhead lights. I was in the middle of a pleasant dream at the time, so my mood improved significantly despite the abrupt wakeup. We both dressed in a rush and hurried over to the hotel’s restaurant for breakfast, which was ending soon.

There was a good spread to choose from, and I grabbed two slices of pineapple, a peach yogurt, some dried fruit, and a cup of coffee. A chef was on hand to make us small custom omelettes which we enjoyed on the covered patio. We were amused to get a clipboard with a survey on it as we finished eating — did they confuse us for a party that’d been here for more than a few hours?

After breakfast, we stopped by the front desk to arrange a “Coffee Tour”; the concierge called around for a few minutes and we were quickly set up with a driver leaving soon after. The tour itself was just $30 apiece (including lunch), but the car and driver would cost $150. At first, this seemed a bit steep, until I realized that this wasn’t going to be a simple taxi ride– we were going in a giant Land Rover and our driver was going to be staying with us for several hours. The front desk staff considered our light shirts and suggested that we would be too cold if we didn’t wear warmer clothes, but we ignored their advice upon noticing that both were bundled up in fleece jackets despite what seemed to us to be a perfectly nice ambient temperature.

We headed back to our room for quick showers, then met our driver and drove west toward the city of Arusha.

While the drive wasn’t too far, it was slow — the speed limit on the two-lane main road was 50kph, but we rarely moved that fast, with frequent slowdowns behind trucks, motorbikes, and other slow-moving traffic. Our driver wasn’t very talkative, so we instead mostly looked out the window and pondered little mysteries, like why did so many of the roadside signs have red Xs across them?

Much later, we learned that the road is slated for widening, and X-marked signs must be moved further back.

We drove by farms (most growing sunflowers), houses, small markets, and numerous parking lots filled with a half dozen or more motorcycles with riders sitting atop chatting amongst each other. Based on the number of motorcycles we saw on the road with two or more riders, we decided these guys must be acting as single-person taxi services. Some of the loads were almost comical– one motorcycle had three riders, two on the front, and a third perched atop three enormous (50+ pound) bags of rice that were draped over the tail.

After a ride of almost half an hour, we turned off on a side street and met our guide on his motorcycle, disembarking the Land Rover to proceed on foot. We chatted as we walked down a few side streets, over a rickety wooden bridge, and went to examine some coffee plants whose cherries weren’t yet ready to harvest. There was a light drizzle and the unpaved road was steep in parts– I was glad to be wearing my boots, but wished I’d brought my hiking poles for a slick and uneven downhill portion.

We crossed a rickety bridge over a small stream next to the fields:

And a moment later we arrived at the edge of the coffee plants.

After a brief look and an obligatory selfie in front of the plants with our coffee expert:

…we headed to the “coffee factory.” The factory was not so much a factory as a small fenced compound where a small hut was set up with a table and chairs, with a mortar/pestle and a small wood-fired stove nearby. Apparently this is how they make coffee for their tourist guests and their families, but most of the harvested beans are taken to a true “factory” in the city.

The fresh beans are laid out to dry in the sun for weeks elsewhere inside the compound, but we skipped ahead to process a few pounds of dried beans. First, you use the mortar and pestle to smoosh the beans so the shell flakes off, then shake/blow the shells away:

After most of the shells blow off, you manually peel any remaining shells off the beans.

Next, you toast the beans over the fire:

After the beans are toasted, they are tossed again to remove any burned flakes of shells, then go back in the mortar to be ground into a fine powder. As the coffee was ground, our hosts danced and sang silly songs in Swahili, to which we tried to sing along.

The extremely fine powder is then put directly into a pot of boiling water — no filtration is necessary.

A bit of sugar and I was ready to enjoy a cup, about an hour and ten minutes after the preparation began:

As for the coffee itself? It was tasty, especially in the cool afternoon air, but to be completely honest the freshest cup of coffee I’ve ever had didn’t taste much different than an everyday cup. I’m no coffee connoisseur.

After drinking our coffee and packing up two bags to go, we, our driver, guide, and one of their friends headed back to the main road for lunch at a simple restaurant. We had “the brown”, a meat and rice dish said to be traditional when welcoming guests to your home. Given the option of goat or “red meat”, we picked the goat. It was tasty, simple, and not spicy.

After lunch, another half-hour’s drive brought us back to our hotel. After I enjoyed a leisurely Coke and Serengeti Lager in the bar (Jason tried a local soda), we tried out the hotel’s nice-looking pool. Alas, the water was too cold to really enjoy, so we left after 30 minutes and explored the short trail inside the wall of the hotel compound. Back in the room, I decided to wrote in my journal lest I succumb to an untimely nap. The bed was very firm, but comfortable enough that sleep beckoned as I continued to adjust to the 7-hour time change.

Frustratingly, cloud cover all day meant that we still hadn’t caught even a glimpse of Kilimanjaro. We were both excited for the next day’s mini safari — beyond the animals, surely we’d finally get our first look at our destination!

Back to the Kilimanjaro Journal Index

Attack Techniques: QR Codes

As outlined in earlier posts in this series, attackers know that security software can detect their phishing lures and block users from even seeing the lure if it contains a known-phishing URL. For example, both Windows Live and Gmail block email that is believed to contain phishing links. If your enterprise uses Microsoft Defender for Office, or you subscribe to Microsoft 365 Family, all inbound hyperlinks through Microsoft email services are rewritten to navigate through the “SafeLinks” service that performs another real-time check for malicious URLs whenever a user clicks on them.

To avoid security software, attackers try to hide URLs, using techniques like asking the user to retype URLs from an image, or sticking the link inside a password-protected PDF document, or avoid URLs by asking the user to call a phone number or send a reply email containing sensitive information.

Another technique is to send the user a QR Code. A QR Code is simply a picture that can be converted into the URL using the camera app on our now-ubiquitous mobile phones.

This QR Code points to a blog post

Users are increasingly accustomed to using QR Codes for legitimate purposes, so their use in attack scenarios won’t stand out as much as it once would have.

How does this URL-obfuscation technique benefit an attacker over a plain hyperlink?

  • Mail software can’t rewrite QR codes, so features like Microsoft SafeLinks won’t apply.
  • The use of a QR Code allows an attacker to cause the attack flow to move from a well-protected desktop to a less-protected mobile device.

    For example, users might be using a mobile web browser with weaker real-time anti-phishing reputation services than the browser on their desktop.

    That mobile browser may not be configured to proxy traffic through a secure proxy.

    Similarly, a user’s personal device might not include a password manager, making the attacker’s request for manually-typed credentials more plausible.

Someone recently tried to phish a Microsoft CTO via this approach:

Here’s a news article about a recent attack using the QR Code vector.

Update: In December 2023, the Microsoft Defender for Office 365 team outlined some of their protections against QR code phishing.

Stay safe out there — treat any QR codes received via SMS or email with extra caution. Carefully examine the url in any preview your camera app offers and check the browser’s address bar to see the final URL, because open redirectors are common, so the preview URL may be misleading.

-Eric

Enforcing SmartScreen with Policy

Microsoft Defender SmartScreen provides protection against the most common forms of attack: phishing and malware. SmartScreen support is built-in to Microsoft Edge and the Windows 8+ shell. The SmartScreen web service also powers the Microsoft Defender Browser Protection extension for Chromium-derived browsers.

While SmartScreen provides powerful controls to block attacks, the user remains in full control. SmartScreen will block Edge browsers from visiting a known-phishing site, but there’s a “Continue to this unsafe site (not recommended)” link available to override the decision:

Similarly, if a known malicious file is blocked from download in Edge, the user may use the Keep menu command to override the blocking decision:

When a known bad file is downloaded using another browser without SmartScreen built-in (e.g. Chrome), attempting to run the file via Windows Explorer will trigger a SmartScreen AppRep prompt that also includes a hidden-by-default option to run anyway:

Why Allow Overrides at all?

Digital security is an adversarial threat environment where the threats evolve rapidly in response to protection.

Threat Intelligence inherently will always include both false positives and false negatives – they will never go to zero for any real threat intelligence source.

As a consequence, products that utilize threat intelligence typically offer a mechanism for an override, either from an expert (e.g. an analyst in a Security Operations Center) or an end-user (e.g. a Windows Home user).

Most product features default to allowing an end-user override (with varying levels of advice about danger) blocks while providing IT Administrators the option to disable that user override.

Controls

But what if you’re a tech-savvy parent, child, or IT administrator who doesn’t want a less-savvy user you’re responsible for protecting to override the security protections of SmartScreen?

Here’s where Group Policy comes in. SmartScreen allows you remove these dangerous override options.

Policies can be set using various administrative tools, but these ultimately flow through to a handful of registry settings:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000001
"ShellSmartScreenLevel"="Block"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"SmartScreenPuaEnabled"=dword:00000001
"SmartScreenEnabled"=dword:00000001
"PreventSmartScreenPromptOverrideForFiles"=dword:00000001
"PreventSmartScreenPromptOverride"=dword:00000001
The Edge SmartScreen policies concern behavior in the Edge Web Browser
The Explorer SmartScreen Policies concern SmartScreen Application Reputation

After these policies are set, the software’s dangerous “do it anyway” commands are removed entirely.

The Edge block page loses the “Continue” link:

When downloading malicious or unrecognized programs, the “Keep” command is disabled:

Within the Windows Shell, the “Run anyway” link or button is removed from the dialog when invoking malicious or unrecognized files downloaded via other browsers:

Pairing the powerful protections of SmartScreen with policies that ensure that only experts are in control helps you keep everyone safe.

-Eric

Note: The Chrome extension unfortunately cannot read Windows policies, so if you want to enforce its protections, you’ll need to set other registry keys.

Note: If you’re using Windows Defender Network Protection, you must use a different policy set via InTune or Set-MpPreference EnableConvertWarnToBlock to disallow users of Chrome/Firefox users from bypassing phish/malware warnings.

Note: Perhaps surprisingly, if you have Windows Defender Application Control enabled and set to use the “Signed and Reputable mode”, the Intelligent Security Graph (ISG) clause means that SmartScreen AppRep is consulted.

Critically, however, if AppRep returns “Unknown”, the user will be prompted via the blue “Windows Protected your PC” dialog. If the user chooses to “Run anyway”, the “unknown” file is treated as trusted. This may not be what you want; if you don’t, you can either choose a different configuration, or use the SmartScreen policies to remove the “Run anyway” options.

Note: Apps built atop the WebView2 control (a hosted Microsoft Edge) have an additional option to disable SmartScreen via the IsReputationCheckingRequired property; setting that property to false will bypass reputation checks even if SmartScreen is otherwise set to enabled for Edge/Store apps.