Menu Close

Explained: What is Windows Smart App Control and what it means for users

Microsoft introduced the Smart App Control safety function for Windows 11 in April. According to a report by Bleeping Computer, Microsoft’s VP for Enterprise and OS Security, David Weston described this function as a “major enhancement to the Windows 11 security model” throughout its launch. Weston even added that this function is designed to permit solely protected and dependable apps to open. As per the report, the Windows Smart App Control safety function is now up to date to dam a number of new sorts of recordsdata that cyber attackers have just lately adopted to contaminate targets with malware in phishing assaults.
What is Windows Smart App Control and why does it want the replace
Microsoft launched the Smart App Control (SAC) safety function by together with it with the most recent OS model — Windows 11. Recently, Microsoft restarted blocking macros in Office recordsdata downloaded from the Internet. This choice by the tech large pressured attackers to change to new file varieties to ship their malicious payloads on victims’ gadgets, together with — ISO, RAR, and Windows Shortcut (LNK) recordsdata.
Weston has shared a tweet to substantiate, “Windows 11 with smart app control blocks .iso and .lnk files that have the mark of the web just like Macros.” The report additionally states that Microsoft’s claims have been examined to examine authenticity. As per the report, SAC now routinely stops IMG, VHD, and VHDX recordsdata from opening and it additionally blocks different recordsdata from operating like — .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs and .wsf recordsdata.

Moreover, the software is at the moment underneath growth and is solely accessible to the members of the Windows Insider program. Microsoft is anticipated to bundle this function with an upcoming Windows 11 replace to make it accessible for most people, the report suggests.
How does this function work
As per Microsoft’s official weblog, when users attempt to run an app on Windows, the Smart App Control function checks if the cloud-powered safety service could make a assured prediction about its security.
If the service considers the app to be protected it will permit it to run, but when the safety app fails make a assured prediction in regards to the app, it blocks the identical with this message: “Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous.”

Moreover, if the security service is unable to make a confident prediction about the app, then Smart App Control will check if the app has a valid signature. If the app has a valid signature it will be allowed to run otherwise it will be considered untrusted and will be blocked.
How to enable this feature
Insiders who are testing the feature will be able to find the settings for Smart App Control in the App & browser control panel of the Windows Security app. Meanwhile, users can also search for the feature by tapping the Start button.
Drawbacks of this security feature
The Windows Smart App Control feature works along with security software like Microsoft Defender to defend users against attacks, however, this feature still has some flaws that the tech giant needs to resolve before it is rolled out to the wider public. Firstly, this feature is currently available only for Windows Insiders on systems running Windows 11.
Moreover, this feature can only be used on clean installs of Windows 11 to ensure that no existing untrusted apps are running on the device, which forces users to reinstall or reset their systems to try the new feature. Users who are running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.

Apart from that, Microsoft’s official blog doesn’t mention SAC blocking specific file types that were revealed by Weston. The company also mentions that the feature might get deactivated automatically on some systems after an “evaluation mode” is carried out to examine if the system is able to operating this function with out ruining the consumer expertise. SAC can be disabled in these methods till they’re accredited within the “evaluation mode”
Lastly, the corporate has not supplied any SAC exclusion listing that may forestall it from triggering when users attempt to open a selected app or file.