How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios

Most modern software have tools built in for detecting threats as we browse the web and download files, but typically, we do not get to see them in action. If you would like to see how your Microsoft Edge, Internet Explorer and Windows Defender reacts to these types of threats, then there are a couple of test sites you can use without putting your system at risk.

Richard Hay, Senior Content Producer

September 12, 2016

6 Min Read
How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios

What is the best way to test some of the protection related features on your Windows system like SmartScreen Filter and Windows Defender?

One option, which we do not recommend -- because it is frankly very reckless -- would be to just start browsing for malicious sites and waiting for one of them to try and drop a suspicious file on your system. Or you could serve up a phishing/malware laced site in your browser ...

No - we definitely do not recommend doing something like that.

However, you should know how detection tools like the SmartScreen Filter work in Microsoft Edge and Internet Explorer. The same thing goes for Windows Defender. Don't you want to know it's prepared to react to an infected file that arrives on your system? There is something about seeing your system react to those threats that really helps the learning process.

Microsoft SmartScreen Demo Pages and the EICAR Anti-Malware Test File, come in handy because they give you a safe environment to trigger these system tools so you can see them in action.
 

Take the Tour: Microsoft SmartScreen Demo Pages

This index consists of test pages that will show you how the SmartScreen Filter will react to threats in both Microsoft Edge and Internet Explorer.

As you can see above, the test pages are separated into two categories with one showing how the URL reputation detection works and the other showing the same type of detection for downloadable files.

You can click on each one of them yourself to see how SmartScreen will handle the detected threat and here are some explanations of how you can interact with these pages when it is a real threat.

URL Rep Demos

Is this phishing? Alert the user to a suspicious page and ask for feedback.

This is the one scenario where you will be asked to verify if the site is safe or not and report that result back to Microsoft.

The Phishing, Malware and Exploit pages will turn your screen bright red with a warning:

The smartest move when you encounter a page that gives you a warning like this is to close your browser and not continue. However, if you are 100% confident that this site is not a threat then you can click on the More information link at the bottom for a couple of additional options:

Again, be 100% sure that the page you are trying to reach is not a threat and select to either report that back to Microsoft or go ahead to the site. As you can see that is not recommended - do not visit that page just because you want to go there and browse it.

A very large portion of computer security is using that organ that is between your ears and your mouse clicking finger - your brain!

The Malvertising demo will show you an ad based threat in its own frame that has been detected and blocked:

Finally, the Blocked Download will show you how any Internet downloads are blocked when they are detected by the SmartScreen Filter:

App Rep Demos

The last three SmartScreen Filter demos are for downloaded files and show you how your system will react to known good, unknown or known malware programs. Remember, you can click on the demos alongside of this article or on your own to see the protection in action on your system.

Of course, a known good program that does not contain a threat will download normally and be saved to your system in your Download folder so there is no need to show what that looks like here and you can click that demo and download the file if you want to see it in action. However, it is likely you have already done this many times in the past.

Unknown Program

As you can see this is detected as a file that is not commonly downloaded and you are warned that it can cause harm. You have three options and again must engage the brain to evaluate where you are downloading the file from and if that is a safe source. You must be 100% sure about these details otherwise abandon the download and delete it from your system.

Known Malware

This warning means that the file you just downloaded matches a known signature for a malicious file. As you can see there are only two options - delete it or view your downloads folder.

Once again, if you have any doubt about the origin of this file or the site you are trying to download it from then delete it and protect your system.

Even the files that get downloaded with warnings from SmartFilter get tagged in the download folder as you view them:

Go ahead and click on one of these demo files and see what happens - after the warning pops up click on the More info link.

You will see this dialog box with an option to ignore this, which is at least the third warning about an infected file, and go ahead and run the file. Hopefully, three distinct warnings at this point will deter your intent to use this file - at least it should. However, this is any aware you are in control and Microsoft will let you ruin the file anyway despite their best efforts to warn you about the risk.

Take the Tour: EICAR Anti-Malware Test File

As a prosumer or IT Pro, you certainly do not want to be sending and receiving live virus samples to test Windows Defender however, the EICAR Test File can be used to safely test Windows Defender's detection process.

As the Microsoft Malware Protection Center states this is not a malicious file but is used to check that your security software is working.

As you can see, any attempts I made to download the file triggered an alert from Windows Defender in my Alert Center and also quarantined the file on the system - the exact same process that would occur if you encountered a real threat.

Here are the detection alerts in Action Center on Windows 10:

This is the History tab in Windows Defender showing you the quarantined files that were detected on your system.

After these files are no longer a threat you can delete them from your system on this same page in Windows Defender.

So hopefully these test pages give you a sense of how your system will react when threats are detected and give you an opportunity to practice dealing with those threats and the related alerts on your system.

As I said earlier, protecting yourself on the Internet from threats is a combination of using security software and employing the gray matter between your ears to avoid suspicious websites and downloads. Tools like the SmartScreen Filter in Microsoft Edge and Internet Explorer plus Windows Defender can go a long way to help protect us but if we ignore those warnings on multiple levels that is a recipe for disaster.

In that case I hope you have a functioning backup of all your important documents and software because you are eventually going to need them.

Stay safe, educated and protected out there!

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like