Microsoft Defender SmartScreen Archives

Tech Optimizer

April 11, 2026

Antivirus protection built into Windows

Windows 11 includes Microsoft Defender Antivirus, which is active from the moment the device is powered on and integrated into the operating system. It continuously updates to protect against various threats, including malicious files and unsafe links. Microsoft Defender SmartScreen evaluates the safety of websites and downloads, providing warnings for dubious content. Smart App Control prevents untrusted applications from executing, while Controlled folder access protects personal files from unauthorized modifications. Users can verify the operational status of Microsoft Defender Antivirus through Windows Security settings. Best practices for maintaining security include keeping the antivirus updated, using a single real-time antivirus engine, and enhancing security habits. Microsoft Defender Antivirus is generally sufficient for everyday risks, but additional third-party antivirus solutions may be considered based on individual needs.

Winsage

July 9, 2025

Microsoft Patch Tuesday, July 2025 Edition

Microsoft has released updates addressing 137 vulnerabilities across its Windows operating systems and supported software, with 14 classified as "critical." CVE-2025-49719 is a publicly disclosed information disclosure flaw affecting all SQL Server versions since 2016, posing a supply-chain risk due to its potential exploitation without authentication. SQL Server 2012 has reached its end of life, meaning no future security patches will be available. CVE-2025-47981 is a critical remote code execution vulnerability with a CVSS score of 9.8, affecting Windows clients and Windows Server. Microsoft also addressed four critical remote code execution vulnerabilities in its Office suite, including CVE-2025-49695 and CVE-2025-49696, which can be triggered through the Preview Pane. Other high-severity vulnerabilities include CVE-2025-49740, which could bypass Microsoft Defender SmartScreen, and CVE-2025-47178, allowing attackers to execute arbitrary SQL queries with minimal privileges. Adobe has also released security updates for various software, and users are advised to back up data before installing patches.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Tech Optimizer

May 17, 2025

Do You Really Need Antivirus on Windows 11? Probably Not—Here’s Why

Windows 11 has robust built-in security features that may reduce the need for third-party antivirus software. Windows Security now offers comprehensive protection, including real-time malware detection, firewall protection, SmartScreen alerts, hardware-level security, account monitoring, and system health reports. According to AV-TEST results from January and February 2025, Microsoft Defender Antivirus scored 6.0/6.0 in protection, performance, and usability, effectively stopping advanced malware and phishing attempts with minimal system resource usage. Users of Microsoft Edge benefit from SmartScreen filtering, while those using other browsers receive system notifications for network protection. Basic digital hygiene practices, such as avoiding suspicious downloads and keeping software updated, are crucial for security. Third-party antivirus solutions may offer additional features but can lead to performance issues and privacy concerns. For casual users who maintain their systems and practice safe browsing, Windows Security is generally sufficient, while those handling sensitive information or needing advanced features may consider premium antivirus options.

AppWizard

May 14, 2025

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting user accounts that have not applied necessary fixes. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application’s developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.

Winsage

March 10, 2025

Microsoft: Don’t fall for unwanted apps on Windows 10, clean install Windows 11 ASAP

Microsoft has revised its support documentation to highlight the importance of recognizing unsafe applications on Windows 10 and encourages users to upgrade to Windows 11. Applications on a PC can be categorized into three groups: Clean apps (from the Microsoft Store or pre-installed), malware apps (from untrusted sources), and potentially unwanted apps (PUAs) which may not be malicious but can clutter user experience. Microsoft warns that after October 2025, Windows 10 will no longer receive updates, increasing vulnerability to cyber threats. Upgrading to Windows 11 enhances security with features like Smart App Control. To clean install Windows 11, users need the Media Creation Tool to create a bootable USB drive. The process involves downloading the tool, creating the USB, and then installing Windows 11 on the target PC. Users should ensure their PC meets the hardware requirements for Windows 11. After upgrading to Windows 11, users are advised to configure settings to block potentially unwanted applications by enabling options in the Privacy and Security settings. To minimize risks, it is recommended to download apps from the Microsoft Store, keep Windows 11 updated, and use the Microsoft Edge browser with SmartScreen.

Winsage

March 8, 2025

Microsoft lists a reason why you should update to Windows 11 from 10 via clean install

Microsoft is encouraging users to transition from Windows 10 to Windows 11, which currently holds a market share of 38% compared to Windows 10's nearly 60%. In February 2024, Microsoft launched a promotional campaign to highlight the benefits of Windows 11, and by June, it aimed to dispel myths about the new operating system. The company emphasized security features, particularly the Smart App Control feature in Windows 11, which helps protect against potentially unwanted applications (PUAs). The updated support page for Windows 11 includes recommendations such as downloading apps from trusted sources, using updated antivirus software, and keeping devices up-to-date. Smart App Control requires a clean installation of Windows 11, and users upgrading from Windows 10 must perform a reset, as an in-place upgrade is not sufficient.

Winsage

February 10, 2025

Microsoft Edge tests integrating Copilot into Settings, auto-opening AI on Windows 11

Microsoft is exploring deeper integration of its Copilot feature in Edge, with potential developments including a troubleshooter in the Settings menu and automatic sidebar activation upon browser launch on Windows 10 and 11. An "Ask Copilot" button may also be introduced in the Settings app for user assistance. References suggest Copilot could activate with new tabs or browser launches. Additionally, Edge has launched an AI-driven "Scareware Blocker" in version 133 for Windows 11 to protect users from online scams by blocking harmful sites in real-time. This feature is expected to improve over time and complements Microsoft Defender SmartScreen Protection.

Winsage

October 19, 2024

Google Reveals New Chrome Update—Microsoft Warns Windows Users To Change Your Browser

Google's Chrome holds a 65% market share and faces potential break-up actions from the Department of Justice. Microsoft is promoting its Edge browser to Windows users, highlighting enhanced security features through Microsoft Defender SmartScreen. Microsoft encourages enterprises to adopt Edge, suggesting that employees may also use it at home, threatening Chrome's user base. In response, Google has launched a campaign to reassure its 3 billion Chrome users about its security measures, emphasizing its innovations and commitment to user safety. Google is also addressing privacy concerns related to tracking cookies and plans to introduce an opt-in tracking mechanism, while Microsoft is developing the “Privacy-Preserving Ads API” for Edge. Both companies are focusing on security and privacy as key competitive factors. Chrome has recently updated to version 130.0.6723.58/.59, and users are advised to restart their browsers after the update for optimal security.

Winsage

October 12, 2024

Microsoft Warns Millions Of Windows Users—Change Your Browser As New Attacks Underway

Microsoft has issued a warning to Windows users about increasing attacks that exploit legitimate file hosting services, using tactics to evade security measures. These attacks involve fraudulent websites designed to harvest user credentials, prompting Microsoft to recommend the use of Microsoft Edge, which integrates with Microsoft Defender SmartScreen to block malicious sites. Microsoft previously advised Chrome users to update or stop using the browser due to a zero-day vulnerability, encouraging a shift to Edge. The attacks leverage trusted file-sharing platforms like Dropbox and OneDrive, deceiving users into opening malicious files. Microsoft emphasizes using Edge with conditional access policies and Microsoft Defender for enhanced security. Additionally, Microsoft is developing a privacy-preserving ads API for Edge, aiming to improve user privacy while addressing the challenges of third-party cookie tracking. This new API is currently in limited preview and requires manual activation in specific regions.