Windows Defender SmartScreen – File and Flash Player blockage problem.

                          SmartScreen.gif

SmartScreen has become a part of Windows 10 OS, it was named as Windows SmartScreen. It is useful to protect not just Edge, Internet Explorer browsers but also other applications such as third-party browsers, Email Client and Apps from malicious Web link attack, malicious Web download threat. Let us have a quick look into SmartScreen functionalities: 

  • Anti-phishing and support. Microsoft SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software.  
  • Prevent drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed.  
  • Reputation-based URL and app protection. Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user. 
  • Improved heuristics and diagnostic data. Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files. 
  • Blocking URLs associated with potentially unwanted applications.  software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software  

Website blacklist block example

TanTran_0-1610791137995.png

App blocked by Defender SmartScreen example: 

TanTran_0-1610792348644.png

 Starting with Windows 10 version 1703 to 2004 you will configure SmartScreen directly by Windows Defender SmartScreen  (not through Edge anymore): Administrative TemplatesWindows ComponentsWindows Defender SmartScreenMicrosoft Edge 

Submit File for Whitelisting to Microsoft Security Intelligence 

You may experience false positive block or warning by Defender SmartScreen when accessing in-house Web App's URL or Website URLs and you need to whitelist those URLs. 

General rule,  there will usually be  a direct link in the product app notification for error reporting to Microsoft Security Support. In case of Defender SmartScreen, the link shown in the notification as seen here: 

TanTran_2-1610791270287.png

You should provide the information to the Defender SmartScreen Support Team if your Site gets a false-positive alarm of blockage or gets a false positive warning of unknow web site, …, the following screenshot shown the report's content:

TanTran_3-1610791334918.png  

For download block or download warning report of false-positive, you could manually submit the sample files by accessing the WDSI Website and choose to submit as an enterprise user or a developer user. (You could also submit file as a home user too.) 

TanTran_4-1610791395160.png 

 TanTran_5-1610791458548.png

  • To upload sample file with size more than 500MB, you could compress it by Zip or RAR archive. 
  • You could report file for Blacklist to block access to it or report file for Whitelist to allow access. 

TanTran_6-1610791505824.png

  • You could submit filtering request for almost any of Microsoft's software and service as per the dropped down list of the above Form: 

TanTran_7-1610791547915.png

TanTran_8-1610791602278.png

TanTran_9-1610791639136.png

Microsoft goal is to minimize false warnings or blocks. In the rare case of a false warning, Microsoft offered a web-based feedback system to help users and website owners report any errors as quickly as possible. These reports are verified by the support team and mistakes are corrected. Enterprise Premier Customer will get the highest priority in response time. 

Flash Player should be removed from the Sites after December 2020 

  • Flash will not be disabled by default from Microsoft Edge classic (Edge legacy) or Internet Explorer 11 prior to its removal by December of 2020.  
  • Group policies are available for enterprise admins and IT pros to change the Flash behavior 

Flash will be completely removed from all browsers by December 31, 2020, via Windows Update.  Companies reliant on Flash for development and playback of content are encouraged to remove the dependency on Adobe Flash prior to December 2020. 

Reference: 

 

This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.