Tag Archives: SmartAppControl

Security Software False Positives

Software developers and end-users are often interested in understanding how to resolve incorrect detections from their antivirus/security software, including Microsoft Defender. Such False Positives (FPs) can disrupt your use of your device by incorrectly blocking innocuous files or processes. However, you should take extreme care before concluding that a given detection is a false positiveContinue reading “Security Software False Positives”

Runtime Signature Checking Threat Model

Telerik developers recently changed Fiddler to validate the signature on extension assemblies before they load. If the assembly is unsigned, the user is presented with the following message: In theory, this seems fine/good– signing files is a good thing! However, it’s important to understand the threat model and tradeoffs here. Validating signatures every time aContinue reading “Runtime Signature Checking Threat Model”

Authenticode in 2024

My 2021-2024 Authenticode certificate expired yesterday, so I began the process of getting a replacement last week. As in past years, I again selected a 3 year OV certificate from DigiCert. Validation was straightforward. After placing my order, I got a request for high-resolution photos of me holding my ID (I sent my passport andContinue reading “Authenticode in 2024”

SmartScreen Application Reputation, with Pictures

Last Update: Sept 3, 2025 I’ve previously explained how Chromium-based browsers assign a “danger level” based on the type of the file, as determined from its extension. Depending on the Danger Level, the browser may warn the user before a file download begins in order to confirm that the user really wanted a potentially-dangerous file.Continue reading “SmartScreen Application Reputation, with Pictures”

Downloads and the Mark-of-the-Web

Last update: October 28, 2025 Background To help protect the user and their device, Windows and its applications will often treat files originating from the Internet more cautiously than files generated locally. The Windows Security Zones determination process is most directly implemented by the MapURLToZone API; that API accepts a URL or a file pathContinue reading “Downloads and the Mark-of-the-Web”