Tag Archives: MoTW

Windows Shell Previews – Restricted

Windows users who installed the October 2025 Security Updates may have noticed an unexpected change if they use the Windows Explorer preview pane. When previewing many downloaded files, the preview is now replaced with the following text: While it also occurs when viewing files on remote Internet Zone file shares, the problem doesn’t occur forContinue reading “Windows Shell Previews – Restricted”

Debugging Chromium

A customer recently complained that after changing the Windows Security Zone Zone configuration to Disable launching apps and unsafe files: … trying to right-click and “Save As” on a Text file loaded in Chrome fails in a weird way. Specifically, Chrome’s download manager claims it saved the file (with an incorrect “size” that’s actually theContinue reading “Debugging Chromium”

Mark-of-the-Web: Real-World Protection

Two years ago, I wrote up some best practices for developers who want to take a file’s security origin into account when deciding how to handle it. That post was an update of a post I’d written six years prior explaining how internet clients (e.g. browsers) mark a file to indicate that it originated fromContinue reading “Mark-of-the-Web: Real-World Protection”

Attack Techniques: Trojaned Clipboard

Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. In this technique, the attacking website convinces the victim to paste something the site has silently copied to the user’s clipboard into a powerful and trusted context. A walkthrough of this attack can be found in theContinue reading “Attack Techniques: Trojaned Clipboard”

SmartScreen Application Reputation, with Pictures

Last Update: Sept 3, 2025 I’ve previously explained how Chromium-based browsers assign a “danger level” based on the type of the file, as determined from its extension. Depending on the Danger Level, the browser may warn the user before a file download begins in order to confirm that the user really wanted a potentially-dangerous file.Continue reading “SmartScreen Application Reputation, with Pictures”