Microsofts Smartscreen Warning for downloaded files
Starting an app downloaded from the internet may result in a warning. The origin of this warning is the Microsoft Defender Smartscreen. This article gives users an explanation of what this warning means and a tip for developers how to avoid it.
What means this warning
Starting an app downloaded from the internet may result in this warning:
Windows SmartScreen prevent an unrecognized app from starting. Running this app might put your PC at risk.
This sounds dangerous. But indeed it's not. According to Microsoft it's a warning if an app wasn't downloaded so often and therefor didn't gained so much reputation. Original Microsoft description:
Application Reputation warnings are meant to indicate when applications do not have known positive reputation. This doesn’t mean that the application is malicious, only that it is “unknown.” Users can still proceed to download and run the application.
To avoid this warning, the app have to be signed using a valid digital certificate. Such a certificate have to be purchased and costs about USD 500 per year. For low cost apps or free apps this is absolutly impossible for this price.
Original Microsoft description:
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. A valid EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists. In order to be considered a valid EV certificate, the certificate must be issued by a Certificate Authority that is authorized by the Microsoft Trusted Root Certificate Program and recognized as an Extended Validation issuer.
How to run the app despite the warning?
Simply click More info and then Run anyway as described in the screenshots below.
How to avoid this warning
Most browsers add additional information in the Alternative Data Stream (ADS) to each file downloaded from the Internet. ADS is a feature of the NTFS file system. These additional information can be discovered with the Streams Tool from the Sysinternals Suite.
These Zone.Identifier are automatically removed after the first start of the app. However, it can also be removed manually in the file properties. Just tick the Unblock checkbox like in the screenshot below.
Packing executable files into ZIP-files will help only if a ZIP-handling software is installed. The Windows internal ZIP-feature copies the additional information from the ADS of the ZIP-file to every extracted file.
Fortunately, Microsoft offers a form where you can submit files for scan. But this will work only if the file got already some downloads recognized by Smartscreen. How many downloads is unknown. Some people reported a few dozens and others a few hundreds. I was able to get that right after 2 days and only one single download. You have to create a Microsoft account and visit the following link: https://www.microsoft.com/en-us/wdsi/filesubmission
In the following form you have to fill:
- Select the Microsoft security product used to scan the file - Select: "Microsoft Defender Smartscreen"
- Company Name - Enter anything
- Select the file - Select the file in question
- Incorrectly detected as malware/malicious - Set the checkmark
- Detection name / Additional information - Enter: Windows SmartScreen prevent an unrecognized app from starting.
After submitting this form you will get a notification email about the receipt of this submission and after a few hours you might get another email about the completation of the analysation. This email contains a link to a page with the analyst comments. There you should read:
The warning you experienced indicates that the application had not established reputation with the Microsoft Defender SmartScreen Application Reputation feature at that time. We can confirm that the application <APP NAME> has since established reputation and attempting to download or run the application should no longer show any warnings.
Now the Smartscreen warning should be gone for every download of the same file. But you will get the warning again as soon as you modify the file on the server.
Categories: Windows Uncategorized