Manage Privacy: SmartScreen Filter and Resulting Internet Communication
Updated: May 18, 2016
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
In this section
Benefits and purposes of SmartScreen Filter
This section explains how SmartScreen Filter communicates across the Internet, and it explains steps to take to limit, control, or prevent that communication in an organization with many users.
The SmartScreen Filter provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack.
SmartScreen Filter is one of the multiple layers of defense in the anti-phishing and malware protection strategies developed by Microsoft. For more information, see What is SmartScreen Filter? on the Microsoft website.
To connect the Microsoft SmartScreen URL Reputation Service (URS), an IPv4 connection is required.
The following list describes the enhancements that SmartScreen Filter provides:
Anti-phishing and anti-malware support. The SmartScreen Filter helps protect users from sites that are reported to host phishing attacks or distribute malicious software through socially engineered attacks. This protection is URL reputation-based, which means that it evaluates the URLs to determine whether they are known to distribute or host unsafe content. SmartScreen Filter also provides application reputation checks, which check the reputation of a downloaded program itself, or the digital signature that is used to sign a file. If the file or certificate has an established reputation, no warnings are shown. If the file does not have an established reputation, the user is at higher risk of malware infection and is shown a more severe warning. The reputation-based analysis in SmartScreen Filter is an additional layer of protection to help protect against malicious software.
Heuristics and enhanced telemetry. New heuristics combined with enhanced telemetry allow SmartScreen to identify and warn users about malicious sites more quickly.
Group Policy support. A group policy setting can be used to keep the user from managing SmartScreen Filter. If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter’s allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience. For more information, see To Control SmartScreen Filter by using Group Policy later in this document.
In a managed environment, you can use Group Policy to control SmartScreen Filter in a variety of ways, including the following:
Prevent users from overriding or clicking through SmartScreen Filter warnings.
Turn on SmartScreen Filter so that it runs automatically.
Turn off SmartScreen Filter.
This subsection describes how SmartScreen Filter might communicate with a site on the Internet as it evaluates a website URL that a user is trying to reach.
Default settings : SmartScreen Filter is disabled unless the feature is enabled by the user or through a Group Policy setting.
Triggers : When the user visits an Internet site, the URL of the site is compared against a list of high traffic websites that is built into SmartScreen Filter. If the URL matches a site on the list, no further checks occur for that URL. If the URL does not match a site on the list and SmartScreen Filter is enabled, SmartScreen Filter sends a query to the Microsoft SmartScreen URL Reputation Service (URS). If the URS indicates that a URL is reported to be unsafe, a message is shown to warn the user about entering personal information or downloading malware. Occasionally, a telemetry report containing additional information about the site may be sent to help improve the quality of the SmartScreen services. When a program is downloaded, an application reputation check may be made which requires information about the downloaded file to be sent to the SmartScreen Application Reputation service.
Specific information sent : The following information is sent over an encrypted (HTTPS) connection to the SmartScreen services:
URL : The full request URL is included only when the site is required to be checked by the URS.
Detailed software version information : The browser version, the SmartScreen Filter version, and the version of the “high traffic site” list.
Detailed information about the URL : IP hosting the site, frame URLs, heuristics results, basic network details.
Downloaded file information : When an application reputation check is made, the download URL, a hash of the full file, information about the digital signature, and some additional data about the downloaded file, such as file size and the hosting IP, is sent.
Operating system version : The version of Windows that the browser is installed on.
Language and locale setting for the browser : The language and locale for the browser display, for example, English (United States).
Anonymous statistics about how often SmartScreen Filter is triggered : SmartScreen Filter tracks basic statistics, such as how often a warning is generated and how often a query is made to the URL Reputation Service. This statistical information is sent to Microsoft periodically, and it is used to analyze the performance and improve the quality of the SmartScreen Filter.
User notification : If SmartScreen Filter is enabled, the user is not notified when SmartScreen Filter performs a check and is notified if SmartScreen Filter detects a URL that is reported as unsafe.
Logging : By default, SmartScreen Filter does not log events. However, if you use the Application Compatibility Toolkit to enable logging for application compatibility events, SmartScreen Filter logs an event when a warning is shown for a website.
Encryption : All information that is sent to SmartScreen services is encrypted by using the HTTPS protocol.
Access : The teams that maintain SmartScreen Filter and the URL Reputation Service have access to the data that is sent to the SmartScreen services (including the anonymous statistics described earlier in this list).
Privacy : URLs that are collected may unintentionally contain personal information (depending on the design of the website that is visited). Like the other information that is sent to Microsoft, this information is not used to identify, contact, or target advertising to users. In addition, Microsoft filters address strings to remove personal information where possible.
Transmission protocol and port : The transmission protocol for any information that is transmitted to the URL Reputation Service is over HTTPS using port 443.
Ability to disable : SmartScreen Filter can be disabled through the user interface or through Group Policy.