I’ve previously explained how Chromium-based browsers assign a “danger level” based on the type of the file, as determined from its extension. Depending on the Danger Level, the browser may warn the user before a file download begins in order to confirm that the user really wanted a potentially-dangerous file.

Deep in that article, I noted that Edge and Chrome can override the danger level for specific files based on the result of reputation checks against their respective security services (SmartScreen for Edge, SafeBrowsing for Chrome).

Stated another way, reputation services don’t just block download of known-unsafe files, they also smooth the download flow for known-safe files.

To see what that looks like, consider the case of downloading a trustworthy installer file (the Edge Canary setup program) in Edge with SmartScreen disabled and enabled.

With SmartScreen disabled:

In contrast, if you enable SmartScreen and try again, this time, the file download (#5) is not interrupted:

The download’s default danger level was overridden by the result of SmartScreen’s reputation check on the downloaded file’s signature and hash. The result indicated that this is a known-safe signer or file:

-Eric

PS: When testing this yourself, you might find that you unexpectedly still don’t get a security prompt for some files even after SmartScreen is disabled. Try using the “Clear Browsing History” command (Ctrl+Shift+Del) to clear any caches before trying this scenario.

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ Microsoft 2001-2012, and 2018-, working on Office, IE, and Edge. Now a GPM for Microsoft Defender. My words are my own, I do not speak for any other entity. View more posts