mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 14:27:22 +00:00
Adding content
This commit is contained in:
LizRoss
parent
5f999c112a
commit
da799a17f1
@ -0,0 +1,55 @@
|
||||
---
|
||||
title: Windows Defender SmartScreen overview (Windows 10)
|
||||
description: Conceptual info about Windows Defender SmartScreen.
|
||||
keywords: SmartScreen Filter, Windows SmartScreen
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: eross-msft
|
||||
localizationpriority: high
|
||||
---
|
||||
|
||||
# Windows Defender SmartScreen overview
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
|
||||
Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
|
||||
|
||||
SmartScreen determines whether a site is potentially malicious by:
|
||||
|
||||
**In Microsoft Edge and Internet Explorer**
|
||||
|
||||
- Analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page,advising caution.
|
||||
|
||||
- Checking the vistied sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
|
||||
**In Microsoft Edge, Internet Explorer, and 3rd-party browsers**
|
||||
|
||||
- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
|
||||
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
|
||||
|
||||
>[!NOTE]
|
||||
>Before Windows 10, Version 1703 this feature was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
|
||||
## Benefits of Windows Defender SmartScreen
|
||||
Windows Defender SmartScreen helps to provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
|
||||
|
||||
- **Anti-phishing and anti-malware support.** SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks don't typically require any interaction, there's nothing to click, nothing to download, the infection is often invisible. For more info about drive-by attacks, see [Evolving Microsoft SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
This protection is URL reputation-based, which means that it evaluates the URLs to determine whether they are known to distribute or host unsafe content. SmartScreen also provides application reputation checks, which check the reputation of a downloaded program itself, or the digital signature that is used to sign a file. If the file or certificate has an established reputation, no warnings are shown. If the file does not have an established reputation, the user is at higher risk of malware infection and is shown a warning.
|
||||
• Integration into the operating system. As of Windows 10, SmartScreen is integrated into the operating system itself, which allows SmartScreen to protect users from running suspicious downloads, regardless of the web browser they are using or the path that the app uses to arrive on the device (for example, email, USB flash drive).
|
||||
• Heuristics and telemetry that have been enhanced over time. Heuristics and telemetry that have been enhanced over time allow SmartScreen to identify and warn users about malicious sites more quickly.
|
||||
• Management through Group Policy and Microsoft Intune. Group policy settings or Microsoft Intune settings can be used to manage SmartScreen. For more information, see Using Group Policy and Microsoft Intune to manage settings for SmartScreen, later in this topic.
|
||||
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
|
||||
@ -14,40 +14,72 @@ localizationpriority: high
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
|
||||
Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page, letting them continue to the site, or you can block the site entirely.
|
||||
Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
|
||||
|
||||
SmartScreen determines whether a site is potentially malicious by:
|
||||
|
||||
- In Microsoft Edge and Internet Explorer, analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page,advising caution.
|
||||
**In Microsoft Edge and Internet Explorer**
|
||||
|
||||
- In Microsoft Edge and Internet Explorer, checking the vistied sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning that the site has been blocked for your safety.
|
||||
- Analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page,advising caution.
|
||||
|
||||
- In Microsoft Edge, Internet Explorer, and third-party browsers, checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen shows a warning that the site has been blocked for your safety. SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
|
||||
- Checking the vistied sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
|
||||
**In Microsoft Edge, Internet Explorer, and 3rd-party browsers**
|
||||
|
||||
- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
|
||||
|
||||
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
|
||||
|
||||
>[!NOTE]
|
||||
>Before Windows 10, Version 1703 this tool was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
>Before Windows 10, Version 1703 this feature was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
|
||||
## Benefits of Windows Defender SmartScreen
|
||||
Windows Defender SmartScreen helps to provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
|
||||
|
||||
- **Anti-phishing and anti-malware support.** SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks don't typically require any interaction, there's nothing to click, nothing to download, the infection is often invisible. For more info about drive-by attacks, see [Evolving Microsoft SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
|
||||
|
||||
- **Reputation-based URL and app protection.** SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate have an established reputation, your employees won't see any warnings. If however there's no reputation, the item is marked as a higher risk and presents a warning to the employee.
|
||||
|
||||
- **Operating system integration.** Windows Defender SmartScreen is integrated into the Windows 10 operating system, helping to protect your employees from running suspicious downloads, regardless of the browser being used or the path used by the app to get to the device (for example, email, or a USB flash drive).
|
||||
|
||||
- **Improved heuristics and telemetry.** Improvements to SmartScreen's heuristics and telemetry help to more quickly identify and warn your employees about malicious sites.
|
||||
|
||||
- **Management through Group Policy and Microsoft Intune.** SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info, see [Managing Windows Defender SmartScreen in Group Policy and Microsoft Intune](manage-windows-defender-smartscreen-using-group-policy-and-intune.md).
|
||||
|
||||
## How SmartScreen works when a user tries to run an app
|
||||
Windows Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, SmartScreen can warn the employee or block the app from running entirely, depending on how you've configured the feature to run in your organization.
|
||||
By default, your employees can bypass SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block employees from using unrecognized apps, or to entirely turn off Windows Defender SmartScreen (not recommended).
|
||||
|
||||
### Use Windows Defender Security Center
|
||||
Starting with Windows 10, Version 1703 you can use Windows Defender Security Center to set up Windows Defender SmartScreen for an individual device, unless you've used Group Policy or Microsoft Intune to prevent it.
|
||||
|
||||
On an individual device, you (or a user with administrative credentials) can also use Windows Defender Security Center to configure SmartScreen, unless Microsoft Intune or Group Policy settings prevent this. Windows Defender Security Center is a new feature in Windows 10, version 1703 that allows users to control their security settings in one unified app.
|
||||
Depending on the settings you use, SmartScreen might prevent the user from continuing (“block”) or advise the user to use caution before continuing (“warn”) when it encounters an untrusted file or suspicious web page.
|
||||
Figure 1 shows Windows Defender Security Center, and Figure 2 shows the “App & browser control” inside Windows Defender Security Center.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Windows Defender SmartScreen notifies employees when they try to visit reported phishing and malware websites, or if they try to download potentially malicious files.
|
||||
|
||||
**Windows Defender SmartScreen in Microsoft Edge and Internet Explorer:**
|
||||
- While browsing the web, SmartScreen analyzes pages looking for indications that it might be suspicious. If a page is found to be potentially harmful, SmartScreen presents a warning to the employee.
|
||||
|
||||
- SmartScreen compares the sites visited by employees against a dynamic list of reported phishing and malicious software sites. If SmartScreen finds a match, it shows a warning to the employee, so the site can be avoided.
|
||||
|
||||
- SmartScreen
|
||||
|
||||
|
||||
o SmartScreen checks the sites that users visit against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen displays a warning to let the user know that the site might be malicious. has been blocked for safety. If a user downloads a file from a reported malicious site, a warning is also displayed for the download.
|
||||
|
||||
o If a user downloads a file, SmartScreen immediately checks the file against a list of files that are well known and downloaded by Windows users. If the file isn’t on that list, SmartScreen displays a warning, and the user can avoid running the file.
|
||||
• For files downloaded through browsers other than Edge or Internet Explorer, SmartScreen still provides protections. When a user tries to run a file downloaded from the Internet, SmartScreen checks the file against a list of files that are well known and downloaded by Windows users. If the file isn’t on that list, SmartScreen displays a warning, and the user can avoid running the file.
|
||||
Note Depending on the settings you use, SmartScreen might prevent the user from continuing (“block”) or advise the user to use caution before continuing (“warn”) when it encounters an untrusted file or suspicious web page.
|
||||
Before Windows 10, version 1703, this feature was named differently. Within the browser, it was called “SmartScreen Filter,” and outside the browser, it was called “Windows SmartScreen.”
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Windows Defender SmartScreen on Windows Mobile
|
||||
Windows Defender SmartScreen on Windows Mobile helps to provide anti-phishing protection. If SmartScreen detects malicious content on a site, it can block the site itself or in some cases just specific content on the page. Also available for Internet Explorer 11 on Windows Mobile, is the SmartScreen URL reputation filter, which blocks or warns your employees about suspicious or potentially malicious websites.
|
||||
|
||||
## Related topics
|
||||
- [Keep Windows 10 secure](https://technet.microsoft.com/itpro/windows/keep-secure/index)
|
||||
- [Security technologies in Windows 10](https://technet.microsoft.com/itpro/windows/keep-secure/security-technologies)
|
||||
- [Available policies for Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge/available-policies)
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user