Comment by freeone3000

4 years ago

Imagine a program, WinSudo.exe. This program runs elevated, by magic. It passes its arguments to CreateProcess(). You call WinSudo.exe Virus.exe. Virus.exe execution is blocked by SmartScreen.

(This scenario is itself a security flaw that existed for some combinations of Windows system utilities, so this is a real concern.)

Now, you could change WinSudo.exe to disable SmartScreen, sure -- but this requires you to be able to modify WinSudo.exe (which should require Administrator), and the mismatched binary would ALSO flag SmartScreen.

well WinSudo.exe DisableSmartScreenAndCallVirus.exe Virus.exe might work if the first two are not smart screen detected yet. a simple program might not be detected by smartscreen yet.