Jul 01, 2013. Sep 07, 2020.
Applies to:
- Windows 10
- Windows 10 Mobile
- Microsoft Edge
Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
Microsoft Defender SmartScreen determines whether a site is potentially malicious by:
- Analyzing visited webpages looking for indications of suspicious behavior. If Microsoft Defender SmartScreen determines that a page is suspicious, it will show a warning page to advise caution.
- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious.
Microsoft Defender SmartScreen determines whether a downloaded app or app installer is potentially malicious by:
- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious.
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, Microsoft Defender SmartScreen shows a warning, advising caution.
Benefits of Microsoft Defender SmartScreen
Microsoft Defender SmartScreen provides an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
- Anti-phishing and anti-malware support. Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks.
- Reputation-based URL and app protection. Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user.
- Operating system integration. Microsoft Defender SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
- Improved heuristics and diagnostic data. Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
- Management through Group Policy and Microsoft Intune. Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings.
- Blocking URLs associated with potentially unwanted applications. In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see Detect and block potentially unwanted applications.
Important
SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
Submit files to Microsoft Defender SmartScreen for review
If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can submit a file to Microsoft for review. For more info, see Submit files for analysis.
When submitting Microsoft Defender SmartScreen products, make sure to select Microsoft Defender SmartScreen from the product menu.
Viewing Microsoft Defender SmartScreen anti-phishing events
Note
No SmartScreen events will be logged when using Microsoft Edge version 77 or later.
When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as Event 1035 - Anti-Phishing.
Viewing Windows event logs for Microsoft Defender SmartScreen
Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
The Windows event log for SmartScreen is disabled by default. Users can enable the log through the Event Viewer UI or from the command line:
Note
For information on how to use the Event Viewer, see Windows Event Viewer.
EventID | Description |
---|---|
1000 | Application Windows Defender SmartScreen Event |
1001 | Uri Windows Defender SmartScreen Event |
1002 | User Decision Windows Defender SmartScreen Event |
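An added example, not part of the original page: enabling the Microsoft-Windows-SmartScreen/Debug log from an elevated PowerShell session and summarizing the event IDs listed in the table above. It assumes wevtutil.exe is on the path; the variable names are illustrative.

```powershell
# Added example (not from the original page). Run from an elevated session.
$logName = 'Microsoft-Windows-SmartScreen/Debug'

# Enable the log: "sl" is wevtutil's set-log verb, /e:true turns the log on.
wevtutil.exe sl $logName /e:true
if ($LASTEXITCODE -ne 0) {
    throw "wevtutil could not enable $logName (exit code $LASTEXITCODE)."
}

# Confirm the change took effect before relying on the log for triage.
$log = Get-WinEvent -ListLog $logName
if (-not $log.IsEnabled) {
    throw "$logName is still disabled."
}

# Descriptions copied from the event ID table on this page.
$descriptions = @{
    1000 = 'Application Windows Defender SmartScreen Event'
    1001 = 'Uri Windows Defender SmartScreen Event'
    1002 = 'User Decision Windows Defender SmartScreen Event'
}

# Debug and analytic logs can only be read in forward order, hence -Oldest.
# An empty log raises a non-terminating error, so it is suppressed here.
$events = Get-WinEvent -LogName $logName -Oldest -ErrorAction SilentlyContinue |
    Where-Object { $descriptions.ContainsKey($_.Id) }

# Per-ID counts first, then the most recent entries for review.
$events | Group-Object Id | ForEach-Object {
    [pscustomobject]@{
        EventID     = [int]$_.Name
        Description = $descriptions[[int]$_.Name]
        Count       = $_.Count
    }
} | Format-Table -AutoSize

$events | Select-Object -Last 20 TimeCreated, Id, Message | Format-List
```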
Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak.
In Windows 10, Microsoft Defender Offline can be run with one click directly from the Windows Security app. In previous versions of Windows, a user had to install Microsoft Defender Offline to bootable media, restart the endpoint, and load the bootable media.
Prerequisites and requirements
Microsoft Defender Offline in Windows 10 has the same hardware requirements as Windows 10.
For more information about Windows 10 requirements, see the following topics:
Note
Microsoft Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units.
To run Microsoft Defender Offline from the endpoint, the user must be logged in with administrator privileges.
Microsoft Defender Offline updates
Microsoft Defender Offline uses the most recent protection updates available on the endpoint; it's updated whenever Windows Defender Antivirus is updated.
Note
Before running an offline scan, you should attempt to update Microsoft Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the Microsoft Malware Protection Center.
See the Manage Microsoft Defender Antivirus Security intelligence updates topic for more information.
Usage scenarios
In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Microsoft Defender Offline needs to run, it will prompt the user on the endpoint.
The need to perform an offline scan will also be revealed in Microsoft Endpoint Configuration Manager if you're using it to manage your endpoints.
The prompt can occur via a notification, similar to the following:
The user will also be notified within the Windows Defender client.
In Configuration Manager, you can identify the status of endpoints by navigating to Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status.
Microsoft Defender Offline scans are indicated under Malware remediation status as Offline scan required.
Configure notifications
Microsoft Defender Offline notifications are configured in the same policy setting as other Microsoft Defender AV notifications.
For more information about notifications in Windows Defender, see the Configure the notifications that appear on endpoints topic.
Run a scan
Important
Before you use Microsoft Defender Offline, make sure you save any files and shut down running programs. The Microsoft Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete. The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally.
You can run a Microsoft Defender Offline scan with the following:
- PowerShell
- Windows Management Instrumentation (WMI)
- The Windows Security app
Use PowerShell cmdlets to run an offline scan
Use the following cmdlets:
See Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender cmdlets for more information on how to use PowerShell with Microsoft Defender Antivirus.
Use Windows Management Instrumentation (WMI) to run an offline scan
Use the MSFT_MpWDOScan class to run an offline scan.
The following WMI script snippet will immediately run a Microsoft Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows.
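An added example (not Microsoft's own snippet) covering both the PowerShell and WMI routes described above: it checks for administrator rights, refreshes protection updates, refuses to scan on stale security intelligence, then starts the offline scan with Start-MpWDOScan or the Start method of the MSFT_MpWDOScan class. The function name, the -UseCim switch and the one-day age threshold are assumptions.

```powershell
# Added example (not from the original page). The endpoint restarts once the scan is started.
function Invoke-DefenderOfflineScan {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [int]$MaxSignatureAgeDays = 1,   # assumed freshness threshold
        [switch]$UseCim                  # use the WMI class instead of the cmdlet
    )

    # The page requires administrator privileges to start the scan.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # The offline scan uses whatever protection updates are on the endpoint,
    # so try to refresh them first.
    try {
        Update-MpSignature -ErrorAction Stop
    } catch {
        Write-Warning "Update-MpSignature failed: $($_.Exception.Message)"
    }

    # Stop if security intelligence is still older than the threshold.
    $status = Get-MpComputerStatus
    $age    = (Get-Date) - $status.AntivirusSignatureLastUpdated
    Write-Verbose "Security intelligence version $($status.AntivirusSignatureVersion)"
    if ($age.TotalDays -gt $MaxSignatureAgeDays) {
        throw "Security intelligence is $([int]$age.TotalDays) day(s) old; update before scanning."
    }

    # ConfirmImpact = High prompts before the restart unless -Confirm:$false is passed.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Restart into Microsoft Defender Offline scan')) {
        if ($UseCim) {
            Invoke-CimMethod -Namespace 'root/Microsoft/Windows/Defender' `
                -ClassName 'MSFT_MpWDOScan' -MethodName 'Start' | Out-Null
        } else {
            Start-MpWDOScan
        }
    }
}

# Dry run: performs the checks and reports what would happen without restarting.
Invoke-DefenderOfflineScan -WhatIf -Verbose
```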
See the following for more information:
Use the Windows Defender Security app to run an offline scan
- Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
- Click the Virus & threat protection tile (or the shield icon on the left menu bar) and then the Advanced scan label.
- Select Microsoft Defender Offline scan and click Scan now.
Note
In Windows 10, version 1607, the offline scan could be run from under Windows Settings > Update & security > Windows Defender or from the Windows Defender client.
Review scan results
Microsoft Defender Offline scan results will be listed in the Scan history section of the Windows Security app.