Microsoft Defender SmartScreen Frequently Asked Questions

Online phishing (pronounced "fishing") is a method of identity theft that tricks you into revealing your personal or financial information. Phishers use phony websites or deceptive email messages that mimic trusted businesses and brands in order to steal your personally identifiable information, such as usernames, passwords, credit card numbers, Social Security numbers, etc. If you receive an email asking you to provide this type of information or navigate to a website that is asking for this type of information, do not provide your information.

Malicious software or malware is software which is deceptive about functionality and is a security risk or a privacy risk. The term malicious software or malware refers to programs that demonstrate illegal, viral, fraudulent, or malicious behavior. For example, viruses, worms, and Trojan horses are malicious software.

Malicious advertising - also referred to as malvertising - is a scenario where an attacker has submitted malicious content to an online advertising network, which is then hosted by a benign website. Microsoft Defender SmartScreen helps protect users from malvertising by warning consumers when malicious advertisements are detected on a site. The SmartScreen warning page will indicate which malicious content was blocked, as well as the site on which it was hosted.

Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It is designed to help protect you from websites Microsoft believes are fraudulent that try to steal your personal information. In Internet Explorer 8 and later, SmartScreen also helps protect you from downloading malicious software.

Microsoft Defender SmartScreen helps to protect you in these key ways:

1. IE7 and later: Microsoft Defender SmartScreen can check sites (URLs) you visit against a dynamic, online list of reported phishing sites. If it finds a match, SmartScreen will provide you a warning notifying you that the site has been reported as potentially unsafe.
2. IE8 and later: Microsoft Defender SmartScreen can check site information (URLs) for sites you visit or files that you download from the web against a dynamic, online list of reported malicious software sites. If it finds a match, SmartScreen will warn you that the download has been reported as potentially unsafe.
3. IE9 and later: Information about downloaded files, such as a hash of the file and the file’s digital signature, may be checked against an online service to determine the reputation of the downloaded program. If the file does not have established reputation - and therefore is a higher risk of being malicious - you are shown a warning.
4. Microsoft Edge: Microsoft Defender SmartScreen can check sites (URLs) against a dynamic, online list of reported phishing, malware, exploit, and scam sites. Information about downloaded files, such as a hash of the file and the file’s digital signature, may be checked against an online service to determine the reputation of the downloaded program.

Internet Explorer displays the "Are you trying to visit this website?" fly-out ("This might not be the site you want" in Microsoft Edge) when a suspicious website has some of the typical characteristics of unsafe websites, but it is not on the list of reported unsafe websites. The website might be legitimate, but you should be cautious about entering any personal or financial information unless you are certain that the site is trustworthy.

You can help Microsoft evaluate this website by providing appropriate feedback using the links provided.

A reported unsafe website has been confirmed by reputable sources as fraudulent or linking to malicious software and has been reported to Microsoft. We recommend you do not give any information to such websites.

Microsoft Defender SmartScreen uses an SSL web connection to send website addresses to Microsoft. For more information about what data is sent and how it is used, see the appropriate privacy policy documentation for your version of Internet Explorer.

• Internet Explorer 8 Privacy Policy
• Internet Explorer 9 Privacy Statement
• Internet Explorer 10 Privacy Statement
• Microsoft Privacy Statement

From the warning, you can choose to report this site as a safe site. Click the link for More information then click Report that this site does not contain threats. Follow the instructions on the feedback site to complete this process.

In Windows Internet Explorer 7, click the Tools menu, point to Phishing Filter, and then click Report Unsafe Website.

In Windows Internet Explorer 8, click the Safety menu, point to SmartScreen Filter, and then click Report Unsafe Website.

In Windows Internet Explorer 9 and 10, click the Tools button, point to Safety, and then click Report Unsafe Website.

In Microsoft Edge, click the ... button, then Send feedback, and Report Unsafe site.

Our goal is to minimize false warnings or blocks. In the rare case of a false warning, we offer a web-based feedback system to help users and website owners report any errors as quickly as possible. These reports are verified by our support team and mistakes are corrected.

You can immediately submit a request for a correction. Microsoft Defender SmartScreen has a built-in, web-based feedback system in place to help customers and website owners report any potential false warnings as quickly as possible. In Windows Internet Explorer, from a red warning, click More information then Report that this site contains no threats. This will take you to a feedback page where you can indicate you are a site owner or representative. Follow the instructions and provide the information on this site to submit a site for review.

To report feedback from the Internet Explorer Download Manager, Right-click on the blocked download and choose Report that this file is safe. This will take you to the feedback page.

Once a dispute is submitted, a team of graders inspects the site in question. All disputes should be submitted through the website reporting process to ensure the quickest resolution.

In Microsoft Edge, click More information then Report that this site does not contain threats.

In Windows Internet Explorer 7, click the Tools menu, point to Phishing Filter, and then click Turn off Automatic Website Checking. In the dialog box that appears, select Turn off automatic Phishing Filter and click OK.

In Windows Internet Explorer 8, click the Safety menu, point to SmartScreen Filter, and then click Turn off SmartScreen Filter. In the dialog box that appears, select Turn off SmartScreen Filter and click OK.

In Windows Internet Explorer 9 and 10, click the Tools button, point to Safety, and then click Turn off SmartScreen Filter. In the dialog box that appears, select Turn off SmartScreen Filter and click OK.

In Microsoft Edge, click ..., then Settings, View advanced settings, and toggle Help protect me from malicious sites and downloads with Microsoft Defender SmartScreen to Off.

In Windows 10 Creators Update and above, go to Microsoft Defender Security Center, click App & Browser control, and select Off for SmartScreen for Microsoft Edge.

• Be defensive with your personal information.
• Navigate directly to trusted websites by entering the URL in the browser Address Bar.
• Be wary of clicking links in email messages and instant messages.
• Be cautious about providing sensitive data in an email message, instant message, or pop-up window.
• Go to websites that provide privacy statements or information on how they help protect your personal information.

• Turn on automatic website checking for Microsoft Defender SmartScreen.
• Keep your computer's software patched and current. Both your operating system and your anti-virus application must be updated on a regular basis.
• Only download updates from reputable sources. For Windows operating systems, always go to Microsoft Update. For other software, always use the legitimate websites of the company or person who produces it.
• Always think before you install something, weigh the risks and benefits, and be aware of the fine print. Does the lengthy license agreement that you don't want to read conceal a warning that you are about to install malicious software?
• Install and use a firewall. You can use the built-in software firewall under Control Panel, and there are free versions of firewalls that work on all versions of Windows.
• Prevention is always better than a cure.

Immediately do the following:

• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
• Contact your banks and online merchants directly. Change the passwords or PINs on all your online accounts. Do not follow links in fraudulent email messages.
• Close any accounts that have been fraudulently accessed or opened.

Immediately do the following:

• File a report with the local police.
• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
• Contact your banks and online merchants directly. Change the passwords or PINs on all your online accounts. Do not follow links in fraudulent email messages.
• Close any accounts that have been fraudulently accessed or opened.

The Microsoft Windows Malicious Software Removal Tool (available at http://www.microsoft.com/security/malwareremove/default.mspx) checks computers for infections by specific, prevalent malicious software and helps remove any infection found. Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

There are several things you can do that can help minimize the chance of your site being flagged as suspicious. Think of these as best practices or optimal website design ethics.

• If you ask users for personal information, use HTTPS with a valid, unexpired server certificate issued by a trusted certification authority.
• Make sure that your webpage doesn't expose any cross-site scripting (XSS) vulnerabilities. Protect your site by using anti-cross-site scripting functions such as those provided by the Microsoft Anti-Cross Site Scripting library.
• Use the fully-qualified domain name rather than an IP-literal address. (This means a URL should look like "microsoft.com" and not "207.46.19.30.")
• Don't encode or tunnel your URLs unnecessarily. If you don't know what this means, you probably aren't doing it.
• If you post external or third-party hosted content, make sure that the content is secure and from a known and trusted source.

In Internet Explorer, Microsoft Defender SmartScreen is fully controllable as part of the group policy support and using Internet Explorer security zone settings.

Microsoft Defender SmartScreen interrupts navigation and downloads from sites known to host malicious content, including phishing attacks. The user may elect to ignore SmartScreen warnings and continue navigation. You can use Group Policy to prevent the user from overriding SmartScreen warnings.

You can also configure Microsoft Defender SmartScreen not to check sites in the trusted zone. By default, SmartScreen does check sites that are part of the trusted zone. Each security zone in Internet Explorer can be configured individually to enable or disable SmartScreen checks. After disabling SmartScreen checks for the trusted zone, you can then add your own custom list of sites to the trusted zone for your enterprise, including sites a company has decided are "safe" or "trusted." These sites are then trusted locally by SmartScreen and are never checked automatically.

In Microsoft Edge, Microsoft Defender SmartScreen can be configured through group policy or CSPs. Full documentation of all SmartScreen policies can be found here.

As an Enterprise administrator or an individual user, you can add your own list of trusted sites for your company or yourself and then turn Microsoft Defender SmartScreen off for the Trusted Sites zone.

1. From the Internet Explorer Tools menu, click Internet Options.
2. In the Internet Options dialog box, click the Security tab.
3. Click the Trusted sites icon, and then click the Sites button.
4. In the Trusted sites dialog box, enter the website URL in the Add this website to the zone box, and then click Add. Close the box.
5. Click Custom level... and select Disable under Use SmartScreen Filter. You may have to scroll through several items.
6. Click Yes on the pop-up message.
7. Click OK.

SmartScreen Application Reputation is a new safety feature introduced in Internet Explorer 9 that provides you with more relevant information about whether a downloaded program is a higher risk to your computer. Information about an application is checked against our online service to determine its reputation. You are shown warnings only when a downloaded program does not have established reputation.

Application Reputation is a feature in Microsoft Edge for unsafe downloads. As of Windows 8, it is also a feature in Windows, warning users when executing unsafe files from the Internet.

Microsoft Defender SmartScreen uses information from Internet Explorer, Microsoft Edge, and Windows users around the world as well as anti-virus results, download volumes, download history, URL reputation, and many other criteria to determine the likely risk of downloaded programs. For example, programs that are downloaded by many users over a long period of time without a history of malware are not likely to be malicious.

This warning indicates that caution should be taken before running the downloaded program, especially if the download is not digitally signed.

No - the Application Reputation warning is not an indication that the download is malicious. However, for the average Internet Explorer, Microsoft Edge, and Windows user this warning is usually associated with a download that may have a higher risk of being malicious.

There are a number of factors to take into consideration before running a program flagged by Microsoft Defender SmartScreen.

• Is the file digitally signed by a software publisher? The application reputation warning dialog will indicate if the file is not digitally signed. Most malicious programs are not signed by a publisher so be careful if you choose to ignore the warning.
• How were you directed to this download? Was the download link unsolicited, such as from an email, instant message, or social networking post? If the download link was unsolicited - even if it looks like it’s from someone you trust - it is more likely to be malicious.
• Would you expect this program to be an uncommon download? If you thought you were downloading a popular game or other program, you should be suspicious that many other Internet Explorer users have not also downloaded the program.

There are industry best practices for application developers that will affect your download's reputation and help ensure reputation is established and maintained. If your program is not digitally signed, reputation cannot automatically be shared across different versions and builds.

To help establish your application's reputation, consider doing the following:

• Digitally sign your programs with an Authenticode signature
  Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Only Authenticode Certificates issued by a Certificate Authority (CA) that is a member of the Windows Root Certificate Program can establish reputation.
• Apply for a Windows Logo
  To learn more visit the Windows Logo Program page on MSDN.

Downloads reported as unsafe by Microsoft Defender SmartScreen can be downloaded by using the following steps:

1. Copy the web address (URL) of the download or the page that hosts the download link.
2. Open Internet Explorer 10 or Microsoft Edge on the desktop.
3. Paste the URL into the address bar and hit enter. If the URL was to the page hosting the download, click on the desired download link on that web page.
4. When the Microsoft Defender SmartScreen block is shown, click View Downloads.
5. In the IE10 or Microsoft Edge Download Manager, right-click on the download and choose Download unsafe file.
6. When the file download is complete, it can be launched by right-clicking on the item again and choosing Run anyway.