Microsoft Smart Screen False Positives

Published: 2010-11-04
Last Updated: 2010-11-04 19:30:31 UTC
by Johannes Ullrich (Version: 2)

We received a couple of reports about Microsoft's "Smart Screen" flagging harmless sites as malicious. Initially, we considered the possibility of an infected ad service, but it may be a bug in Smartfilter as well. Some reports on Twitter [1] show that the problem has been resolved.

Please let us know if you have sample URLs that are still affected.

To disable smart screen: Select "Internet Options" from the "Tools" menu. Select the "Advanced" tab and find the "Enable SmartScreen Filter" setting (about the 10th item from the bottom; scroll all the way down). Needless to say, this will also remove the smart screen protection from real-evil sites, not just from appear-to-be-evil-to-smartscreen-today sites. The setting should only be changed if you can't wait for the problem to be fixed.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

2 comment(s)


This happened to some persons in our workplace recently. Only it was happening for IE8 talking to local LAN web servers that our users use for applications. One of the incidents was an IT staffer just trying to access the Symantec Web console for administration purposes. He says it works today. So maybe IE8 updated itself already.

We definitely saw this with an internal site yesterday for most of the morning, but by 1pm PDT yesterday it had been resolved. The @MicrosoftHelps user on Twitter had some references to it yesterday afternoon. It was definitely a change in their engine--my guess was they were tweaking it to detect something related to the new vulnerability from this week. Not sure.
