New
#10
Yes. I disabled these settings about a month ago and have restarted many times since then.
It appears that you can’t fully disable the SmartScreen process. Even if you turn off the SmartScreen feature in Windows, the SmartScreen process still launches when you sign into your PC. However, it uses no CPU resources and only a few megabytes of memory.
Unusually I want the warning message, as it appears to be the solution to a requirement for Cyber Essentials Plus https://www.cyberessentials.ncsc.gov...Spec%20(6).pdf.
I have a selection of downloaded files all with the Zone.Identifier markers which our official tester uses to certify us – currently failing because of no warning when they are opened. This happens both at work (domain) or home (several standalone PCs). All are Windows 10 1809.
Option 2 Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ shows SmartScreenEnabled=RequireAdmin (home PC) and SmartScreenEnabled=Prompt (work domain PCs), whereas your article suggests Block, Warn or Off. Warn is what I think I need.
If I run any of the test files, they run with no warning, and the Zone.Identifier is removed. This results in a fail. I’ve tried with the options for SmartScreenEnabled – Block, Warn, Prompt, RequireAdmin with no joy.
Your article shows that when you run a file there is the option to unselect ‘Always ask before opening this file’. I’m guessing that deselecting this removes the Zone.Identifier:$Data marked from the file, and this is what happens when the fileis run (without any warning screen).
What am I missing, or has 1809 broken something?
Thanks for the welcome and confirmation of the removal of the flag. After another day of banging my head against it i am no further forward. The best I can do is to get a Windows Store app warning that I'm about to install an app that hasn't come from the Windows Store (for ,.com and .exe files only).
My home PCs have Norton and my work pcs have Sophos AV, and I suspect that they turn off the Windows Defender aspects that used to flag a file as being of alien origin (no offence intended given your logo!). I have as yet found no way to enable it or to replace it with a suitable warning from Sophos. I could not get it to revert to the Windows Defender warning after removing Sophos either... I have tried all the registry and policy settings found on your wonderful site to no avail.
It's a very simple concept that seems to be impossible to meet - a warning before opening that you've downloaded this file from somewehere insecure - and profoundly irritating that it used to work in the past (and was equally irritating then for the opposite reason). All suggestions welcomed. There must be some Cyber Essentials Plus genii who can solve this one. My last resort is a Watchguard firewall rule, but the Law of Sod dictates that the 'warn' functionality will only appear in the next release. A total block on downloads for unauthorised users is the only current option.
Any changes or updates to this process, I've done them all and my smartscreen still activates?
I have solution for this! Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityHealthService
Set Start to 4. Since doing this, smartscreen no longer runs in the background.
There's a particular schedule I have observed that happens after 12-14 minutes at system startup. Disabling this eliminates this from running in the background.