{"id":7390,"date":"2019-07-07T11:00:42","date_gmt":"2019-07-07T09:00:42","guid":{"rendered":"https:\/\/hansesecure.de\/2019\/07\/smartscreen-bypass-strange\/"},"modified":"2023-06-12T14:11:43","modified_gmt":"2023-06-12T12:11:43","slug":"smartscreen-bypass-strange","status":"publish","type":"post","link":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/","title":{"rendered":"SmartScreen Bypass = strange?"},"content":{"rendered":"<p>During my last assessment, I noticed some strange behavior with Microsoft&#8217;s SmartScreen feature.<br \/>\nBasically, this security feature should block the execution of untrusted files from the Internet<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-smartscreen\/windows-defender-smartscreen-overview\" target=\"_blank\" rel=\"noopener noreferrer\">(more information<\/a>).<\/p>\n<p>In fact, the execution of untrusted applications is blocked when trying to open them via the GUI(file explorer).<\/p>\n<p><a href=\"https:\/\/hansesecure.de\/wp-banane\/uploads\/2019\/05\/smartscreen_block.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-1086\" src=\"https:\/\/hansesecure.de\/wp-banane\/uploads\/2019\/05\/smartscreen_block-300x161.png\" alt=\"\" width=\"400\" height=\"215\"><\/a><\/p>\n<p>However, the execution is not blocked when opening the application via a command line tool like cmd or powershell xD<\/p>\n<p><a href=\"https:\/\/hansesecure.de\/wp-banane\/uploads\/2019\/05\/smartscreen_unblocked.png\"><img decoding=\"async\" class=\"aligncenter wp-image-1087\" src=\"https:\/\/hansesecure.de\/wp-banane\/uploads\/2019\/05\/smartscreen_unblocked-300x119.png\" alt=\"\" width=\"400\" height=\"158\"><\/a><\/p>\n<p>I have already <a href=\"https:\/\/twitter.com\/HanseSecure\/status\/1125872205466939392?s=19\" target=\"_blank\" rel=\"noopener noreferrer\">tweeted<\/a> about this behavior and&nbsp; Matt had a logical <a href=\"https:\/\/twitter.com\/enigma0x3\/status\/1126146280043028481\" target=\"_blank\" rel=\"noopener noreferrer\">response<\/a> for this behavior.<\/p>\n<p>Still, I find this behavior funny and think that most admins don&#8217;t know this. That&#8217;s why I decided to write this short post.<\/p>\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>During my last assessment, I noticed some strange behavior with Microsoft&#8217;s SmartScreen feature. Basically, this security feature should block the execution of untrusted files from the Internet(more information). In fact, the execution of untrusted applications is blocked when trying to open them via the GUI(file explorer). However, the execution is not blocked when opening the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7030,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[261],"tags":[290,266],"class_list":["post-7390","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","tag-microsoft-en-2","tag-migration-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SmartScreen Bypass = strange? &#8211; HanseSecure GmbH<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SmartScreen Bypass = strange? &#8211; HanseSecure GmbH\" \/>\n<meta property=\"og:description\" content=\"During my last assessment, I noticed some strange behavior with Microsoft&#8217;s SmartScreen feature. Basically, this security feature should block the execution of untrusted files from the Internet(more information). In fact, the execution of untrusted applications is blocked when trying to open them via the GUI(file explorer). However, the execution is not blocked when opening the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/\" \/>\n<meta property=\"og:site_name\" content=\"HanseSecure GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/hansesecure\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-07T09:00:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-12T12:11:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hansesecure.de\/wp-content\/uploads\/2019\/07\/blog-smart-screen.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"HanseSecure\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:site\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HanseSecure\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/\"},\"author\":{\"name\":\"HanseSecure\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\"},\"headline\":\"SmartScreen Bypass = strange?\",\"datePublished\":\"2019-07-07T09:00:42+00:00\",\"dateModified\":\"2023-06-12T12:11:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/\"},\"wordCount\":114,\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/blog-smart-screen.jpg\",\"keywords\":[\"microsoft\",\"Migration\"],\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/\",\"name\":\"SmartScreen Bypass = strange? &#8211; HanseSecure GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/blog-smart-screen.jpg\",\"datePublished\":\"2019-07-07T09:00:42+00:00\",\"dateModified\":\"2023-06-12T12:11:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/blog-smart-screen.jpg\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/blog-smart-screen.jpg\",\"width\":400,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2019\\\/07\\\/smartscreen-bypass-strange\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SmartScreen Bypass = strange?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"name\":\"HanseSecure GmbH\",\"description\":\"Choose the Intruder\",\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\",\"name\":\"HanseSecure GmbH\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"width\":512,\"height\":512,\"caption\":\"HanseSecure GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/facebook.com\\\/hansesecure\",\"https:\\\/\\\/x.com\\\/CyberWarship\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hansesecure\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCAABbKOA_stDFkEKS3MSF7Q\",\"https:\\\/\\\/www.instagram.com\\\/hansesecure\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\",\"name\":\"HanseSecure\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"caption\":\"HanseSecure\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SmartScreen Bypass = strange? &#8211; HanseSecure GmbH","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/","og_locale":"en_US","og_type":"article","og_title":"SmartScreen Bypass = strange? &#8211; HanseSecure GmbH","og_description":"During my last assessment, I noticed some strange behavior with Microsoft&#8217;s SmartScreen feature. Basically, this security feature should block the execution of untrusted files from the Internet(more information). In fact, the execution of untrusted applications is blocked when trying to open them via the GUI(file explorer). However, the execution is not blocked when opening the [&hellip;]","og_url":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/","og_site_name":"HanseSecure GmbH","article_publisher":"https:\/\/facebook.com\/hansesecure","article_published_time":"2019-07-07T09:00:42+00:00","article_modified_time":"2023-06-12T12:11:43+00:00","og_image":[{"width":400,"height":300,"url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2019\/07\/blog-smart-screen.jpg","type":"image\/jpeg"}],"author":"HanseSecure","twitter_card":"summary_large_image","twitter_creator":"@CyberWarship","twitter_site":"@CyberWarship","twitter_misc":{"Written by":"HanseSecure","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#article","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/"},"author":{"name":"HanseSecure","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593"},"headline":"SmartScreen Bypass = strange?","datePublished":"2019-07-07T09:00:42+00:00","dateModified":"2023-06-12T12:11:43+00:00","mainEntityOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/"},"wordCount":114,"publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2019\/07\/blog-smart-screen.jpg","keywords":["microsoft","Migration"],"articleSection":["Vulnerabilities"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/","url":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/","name":"SmartScreen Bypass = strange? &#8211; HanseSecure GmbH","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#primaryimage"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2019\/07\/blog-smart-screen.jpg","datePublished":"2019-07-07T09:00:42+00:00","dateModified":"2023-06-12T12:11:43+00:00","breadcrumb":{"@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#primaryimage","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2019\/07\/blog-smart-screen.jpg","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2019\/07\/blog-smart-screen.jpg","width":400,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/hansesecure.de\/en\/2019\/07\/smartscreen-bypass-strange\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/hansesecure.de\/en\/"},{"@type":"ListItem","position":2,"name":"SmartScreen Bypass = strange?"}]},{"@type":"WebSite","@id":"https:\/\/hansesecure.de\/en\/#website","url":"https:\/\/hansesecure.de\/en\/","name":"HanseSecure GmbH","description":"Choose the Intruder","publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hansesecure.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hansesecure.de\/en\/#organization","name":"HanseSecure GmbH","url":"https:\/\/hansesecure.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","width":512,"height":512,"caption":"HanseSecure GmbH"},"image":{"@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/hansesecure","https:\/\/x.com\/CyberWarship","https:\/\/www.linkedin.com\/company\/hansesecure","https:\/\/www.youtube.com\/channel\/UCAABbKOA_stDFkEKS3MSF7Q","https:\/\/www.instagram.com\/hansesecure\/"]},{"@type":"Person","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593","name":"HanseSecure","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","caption":"HanseSecure"}}]}},"_links":{"self":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/comments?post=7390"}],"version-history":[{"count":1,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7390\/revisions"}],"predecessor-version":[{"id":7391,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7390\/revisions\/7391"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media\/7030"}],"wp:attachment":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media?parent=7390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/categories?post=7390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/tags?post=7390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}