How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios

How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios

What is the best way to test some of the protection related features on your Windows system like SmartScreen Filter and Windows Defender?

One option, which we do not recommend -- because it is frankly very reckless -- would be to just start browsing for malicious sites and waiting for one of them to try and drop a suspicious file on your system. Or you could serve up a phishing/malware laced site in your browser ...

No - we definitely do not recommend doing something like that.

However, you should know how detection tools like the SmartScreen Filter work in Microsoft Edge and Internet Explorer. The same thing goes for Windows Defender. Don't you want to know it's prepared to react to an infected file that arrives on your system? There is something about seeing your system react to those threats that really helps the learning process.

Microsoft SmartScreen Demo Pages and the EICAR Anti-Malware Test File, come in handy because they give you a safe environment to trigger these system tools so you can see them in action.
 

Take the Tour: Microsoft SmartScreen Demo Pages

Microsoft SmartScreen Demo Pages

This index consists of test pages that will show you how the SmartScreen Filter will react to threats in both Microsoft Edge and Internet Explorer.

As you can see above, the test pages are separated into two categories with one showing how the URL reputation detection works and the other showing the same type of detection for downloadable files.

You can click on each one of them yourself to see how SmartScreen will handle the detected threat and here are some explanations of how you can interact with these pages when it is a real threat.

URL Rep Demos

Is this phishing? Alert the user to a suspicious page and ask for feedback.

SmartScreen Is this phishing? Suspicous Page Detection

This is the one scenario where you will be asked to verify if the site is safe or not and report that result back to Microsoft.

The Phishing, Malware and Exploit pages will turn your screen bright red with a warning:

SmartScreen Filter Malware, Exploit and Phishing Page Warning

The smartest move when you encounter a page that gives you a warning like this is to close your browser and not continue. However, if you are 100% confident that this site is not a threat then you can click on the More information link at the bottom for a couple of additional options:

SmartScreen Filter More Information Options on Detection Page

Again, be 100% sure that the page you are trying to reach is not a threat and select to either report that back to Microsoft or go ahead to the site. As you can see that is not recommended - do not visit that page just because you want to go there and browse it.

A very large portion of computer security is using that organ that is between your ears and your mouse clicking finger - your brain!

The Malvertising demo will show you an ad based threat in its own frame that has been detected and blocked:

SmartScreen Filter Malvertising Protection Demo

Finally, the Blocked Download will show you how any Internet downloads are blocked when they are detected by the SmartScreen Filter:

SmartScreen Filter Blocked Download

App Rep Demos

The last three SmartScreen Filter demos are for downloaded files and show you how your system will react to known good, unknown or known malware programs. Remember, you can click on the demos alongside of this article or on your own to see the protection in action on your system.

Of course, a known good program that does not contain a threat will download normally and be saved to your system in your Download folder so there is no need to show what that looks like here and you can click that demo and download the file if you want to see it in action. However, it is likely you have already done this many times in the past.

Unknown Program
Unknown Program Application Reputation

As you can see this is detected as a file that is not commonly downloaded and you are warned that it can cause harm. You have three options and again must engage the brain to evaluate where you are downloading the file from and if that is a safe source. You must be 100% sure about these details otherwise abandon the download and delete it from your system.

Known Malware

SmartScreen Filter Known Malware File

This warning means that the file you just downloaded matches a known signature for a malicious file. As you can see there are only two options - delete it or view your downloads folder.

Once again, if you have any doubt about the origin of this file or the site you are trying to download it from then delete it and protect your system.

Even the files that get downloaded with warnings from SmartFilter get tagged in the download folder as you view them:

Download Folder with SmartScreen Filter Warnings

Go ahead and click on one of these demo files and see what happens - after the warning pops up click on the More info link.

SmartScreen Filter Malicious File Warning

You will see this dialog box with an option to ignore this, which is at least the third warning about an infected file, and go ahead and run the file. Hopefully, three distinct warnings at this point will deter your intent to use this file - at least it should. However, this is any aware you are in control and Microsoft will let you ruin the file anyway despite their best efforts to warn you about the risk.

Take the Tour: EICAR Anti-Malware Test File

As a prosumer or IT Pro, you certainly do not want to be sending and receiving live virus samples to test Windows Defender however, the EICAR Test File can be used to safely test Windows Defender's detection process.

As the Microsoft Malware Protection Center states this is not a malicious file but is used to check that your security software is working.

As you can see, any attempts I made to download the file triggered an alert from Windows Defender in my Alert Center and also quarantined the file on the system - the exact same process that would occur if you encountered a real threat.

Here are the detection alerts in Action Center on Windows 10:

Action Center Windows Defender Malware Detection Alerts

This is the History tab in Windows Defender showing you the quarantined files that were detected on your system.

Windows Defender Quarantined History Page

After these files are no longer a threat you can delete them from your system on this same page in Windows Defender.

So hopefully these test pages give you a sense of how your system will react when threats are detected and give you an opportunity to practice dealing with those threats and the related alerts on your system.

As I said earlier, protecting yourself on the Internet from threats is a combination of using security software and employing the gray matter between your ears to avoid suspicious websites and downloads. Tools like the SmartScreen Filter in Microsoft Edge and Internet Explorer plus Windows Defender can go a long way to help protect us but if we ignore those warnings on multiple levels that is a recipe for disaster.

In that case I hope you have a functioning backup of all your important documents and software because you are eventually going to need them.

Stay safe, educated and protected out there!

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish