Free call

SmartScreen Bypass = strange?

7. July 2019

During my last assessment, I noticed some strange behavior with Microsoft’s SmartScreen feature.
Basically, this security feature should block the execution of untrusted files from the Internet(more information).

In fact, the execution of untrusted applications is blocked when trying to open them via the GUI(file explorer).

However, the execution is not blocked when opening the application via a command line tool like cmd or powershell xD

I have already tweeted about this behavior and  Matt had a logical response for this behavior.

Still, I find this behavior funny and think that most admins don’t know this. That’s why I decided to write this short post.

Similar posts

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preperation for the OSCE i found an nbsp exploit for the coolpalyer+ version 2 19 1 from [...]

Read more

19. February 2018

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

nbsp Vulnerable software FTP server 8 0f g Vulnerability Local Buffer Overflow SEH protected gt Code Execution Time Line [...]

Weiterlesen

20. February 2018

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE CVE 2018 16231 Vulnerable software FTP server lt = 8 4f Vulnerability Remote denial of service Timeline 30 01 [...]

Read more

25. August 2018

CVE-2018-7272: AM 5.0.0, 5.1.0

CVE CVE 2018 7272 Vulnerable software AT nbsp 5 0 0 5 1 0 Vulnerability Unauthorized access Timeline 15 12 [...]

Weiterlesen

25. August 2018