Top of Form

Microsoft SmartScreen Filter

Resources SmartScreen Filter FAQLearn about PhishingLearn about Malware

SmartScreen Filter Frequently Asked Questions

View all answers Q.What is phishing?
A. Online phishing (pronounced "fishing") is a method of identity theft that tricks you into revealing personal or financial information online. Phishers use phony websites or deceptive email messages that mimic trusted businesses and brands in order to steal personally identifiable information such as usernames, passwords, credit card numbers, and Social Security numbers.

Q.What is malicious software?

A. Malicious software or malware is software which is deceptive about functionality and is a security risk or a privacy risk. The term malicious software or malware refers to programs that demonstrate illegal, viral, fraudulent, or malicious behavior. For example, viruses, worms, and Trojan horses are malicious software.

Q.What is the SmartScreen filter and how does it help protect me?
A. SmartScreen filter is a feature of Windows Internet Explorer 8. It is designed to help protect you from fraudulent websites trying to steal your personal information. SmartScreen filter also helps protect you from installing malicious software or malware, which are programs that demonstrate illegal, viral, fraudulent, or malicious behavior. SmartScreen filter helps to protect you in three key ways:

It operates in the background as you browse the web, analyzing webpages and determining if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen filter will display the "Are you trying to visit this website?" fly-out, giving you an opportunity to provide feedback and advising you to proceed with caution. SmartScreen filter checks the sites you visit against an up-to-the-hour, dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen filter will show you a red warning notifying you that the site has been blocked for your safety. SmartScreen filter also checks files downloaded from the web against the same dynamic list of reported malicious software sites. If it finds a match, SmartScreen filter will show a red warning notifying you that the download has been blocked for your safety.

Q.What does it mean when I see the "Are you trying to visit this website?" fly-out?
A. Internet Explorer 8 displays "Are you trying to visit this website?" fly-out when a suspicious website has some of the typical characteristics of unsafe websites, but it is not on the list of reported unsafe websites. The website might be legitimate, but you should be cautious about entering any personal or financial information unless you are certain that the site is trustworthy. You can help Microsoft evaluate this website by providing appropriate feedback using the links provided.

Q.What does it mean when a website is blocked and flagged in red as a reported unsafe website?

A. A reported unsafe website has been confirmed by reputable sources as fraudulent or linking to malicious software and has been reported to Microsoft. We recommend you do not give any information to such websites.

Q.What information does SmartScreen filter send to Microsoft?

A. SmartScreen filter uses an SSL web connection to send website addresses to Microsoft. For more information about what data is sent and how it is used, see the Internet Explorer Privacy Statement.

Q.One of the sites I visit is being flagged by SmartScreen filter, but it's not an unsafe website. What can I do?

A. From the warning, you can choose to report this site as a safe site. Click the link for More information then click Report that this site does not contain threats. Follow the instructions on the feedback site to complete this process.

Q.If I find a website that I think is unsafe, how do I report it?

A. To report an unsafe website using Windows Internet Explorer 8, click the Safety button, and in the fly-out menu, select SmartScreen Filter, and then click Report Unsafe Website.

Q.How are false warnings or blocks handled?

A. Our goal is to minimize false warnings or blocks. In the extremely rare case of a false warning or block, we offer a web-based feedback system to help users and website owners report any errors as quickly as possible. These reports are verified by our support team and mistakes are corrected.

Q.If I am a website owner, how do I correct a warning or a block on my legitimate site?

A. You can immediately submit a request for a correction. SmartScreen filter has a built-in, web-based feedback system in place to help customers and website owners report any potential false warnings or blocks as quickly as possible. In Windows Internet Explorer 8, from a red warning, click More informationthenReport that this site contains no threats. This will take you to a feedback page where you can indicate you are a site owner or representative. Follow the instructions and provide the information on this site to submit a site for review. Once a dispute is submitted, a team of graders inspects the site in question. All disputes should be submitted through the website reporting process to ensure the quickest resolution.

Q.How do I turn off SmartScreen filter?

A. In Windows Internet Explorer 8, click the Safety button. In the fly-out menu select SmartScreen Filter, and then click Turn off SmartScreen Filter. In the dialog box that appears, select Turn off SmartScreen Filter and click OK

Q.What can I do to help protect myself from online phishing?

A. Be defensive with your personal information. Navigate directly to trusted websites by entering the URL in the browser Address Bar. Be wary of clicking links in email messages and instant messages. Be cautious about providing sensitive data in an email message, instant message, or pop-up window. Go to websites that provide privacy statements or information on how they help protect your personal information.

Q.What can I do to help protect myself from malicious software?

A. Turn on automatic website checking for SmartScreen filter. Keep your computer's software patched and current. Both your operating system and your anti-virus application must be updated on a regular basis. Only download updates from reputable sources. For Windows operating systems, always go to Microsoft Update. For other software, always use the legitimate websites of the company or person who produces it. Always think before you install something, weigh the risks and benefits, and be aware of the fine print. Does the lengthy license agreement that you don't want to read conceal a warning that you are about to install malicious software?

Install and use a firewall. If you are running Windows XP or Windows Vista you can use the build-in software firewall under Control Panel, and there are free versions of firewalls that work on all versions of Windows. Prevention is always better than cure.

Q.What should I do if I think I've entered my personal or financial information into a phishing website?
A. Immediately do the following: Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this. Contact your banks and online merchants directly. Change the passwords or PINs on all your online accounts. Do not follow links in fraudulent email messages. Close any accounts that have been fraudulently accessed or opened. For more information about how to protect yourself visit http://www.microsoft.com/protect.

Q.What should I do if I discover that I've been a victim of fraud?

A. Immediately do the following: File a report with the local police. Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this. Contact your banks and online merchants directly. Change the passwords or PINs on all your online accounts. Do not follow links in fraudulent email messages. Close any accounts that have been fraudulently accessed or opened. For more information about how to protect yourself visit http://www.microsoft.com/protect.

Q.What can I do if I suspect my computer has unwanted malicious software installed?

A. The Microsoft Windows Malicious Software Removal Tool (available at http://www.microsoft.com/security/malwareremove/default.mspx) checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software and helps remove any infection found. Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

Q.If I am a website owner, what can I do to help minimize the chance of my website being flagged by SmartScreen filter?
A. There are several things you can do that can help minimize the chance of your site being flagged as suspicious. Think of these as best practices or optimal website design ethics.

If you ask users for personal information, use HTTPS with a valid, unexpired server certificate issued by a trusted certification authority. Make sure that your webpage doesn't expose any cross-site scripting (XSS) vulnerabilities. Protect your site by using anti-cross-site scripting functions such as those provided by the Microsoft Anti-Cross Site Scripting library. Use the fully-qualified domain name rather than an IP-literal address. (This means a URL should look like "microsoft.com" and not "207.46.19.30.") Don't encode or tunnel your URLs unnecessarily. If you don't know what this means, you probably aren't doing it. If you post external or third-party hosted content, make sure that the content is secure and from a known and trusted source.

Q.If I am a domain administrator, how do I control the SmartScreen filter in Internet Explorer 8? Is it configurable with group policies?
A. In Internet Explorer 8 (IE8), SmartScreen filter is fully controllable as part of the group policy support and using Internet Explorer 8 security zone settings. SmartScreen filter interrupts navigation and downloads from sites known to host malicious content, including Phishing attacks. The user may elect to ignore SmartScreen filter warnings and continue navigation. You can use Group Policy to prevent the user from overriding SmartScreen filter warnings. You can also configure SmartScreen filter not to check sites in the trusted zone. By default, SmartScreen filter in IE8 does check these sites, but you can turn checking off for this zone. You can then add your own custom list of sites to the trusted zone for your enterprise, including sites a company has decided are "safe" or "trusted." These sites are trusted locally by SmartScreen filter and are never checked automatically.

Q.Can I customize a list of trusted sites for SmartScreen filter in Internet Explorer 8?
A. As an Enterprise administrator or an individual user, you can add your own list of trusted sites for your company or yourself and then turn SmartScreen filter off for the Trusted Sites zone. 1. From the Internet Explorer Tools menu, click Internet Options. 2. In the Internet Options dialog box, click the Security tab. 3. Click the Trusted sites icon, and then click the Sites button. 4. In the Trusted sites dialog box, enter the website URL in the Add this website to the zone box, and then click Add. Close the box. 5. Click Custom level... and select Disable under Use SmartScreen filter. You may have to scroll through several items. 6. Click OK. 7. Click Yes on the pop-up message. 8. Click OK.

 2008 Microsoft Corporation.All rights reserved.Terms of Use|Trademarks|Privacy Statement

Bottom of Form