Smart App Control in Windows 11 explained
Microsoft unveiled a new security feature in a recent Insider build for its Windows 11 operating system that it calls Smart App Control.
Microsoft describes it as a security feature for Windows 11 "that blocks untrusted or potentially dangerous applications". Smart App Control runs in evaluation mode at first according to Microsoft, but it may turn itself on automatically.
SAC is first configured in evaluation mode. While SAC is in evaluation mode, it will learn if it can help protect you without getting in your way too much. If so, it will automatically be turned on. Otherwise, it will automatically be turned off. While in evaluation mode, a user can manually turn on SAC in the Windows Security app under the App & Browser Control section
The description is vague and it left many questions unanswered.
What is Smart App Control?
Smart App Control is a security feature that blocks malicious, untrusted and potentially unwanted apps on Windows devices.
- Malicious applications are flagged by Microsoft. They may do all sorts of unwanted things on a PC, including deleting files, pushing remote control software on devices, stealing data, monitoring user activities and more.
- Untrusted applications are not necessarily malicious. Microsoft uses two main factors to determine whether an app is untrusted or not. The first determines whether the app is digitally signed, the second takes usage into account. Unsigned apps that Microsoft's cloud-based security service are not familiar with are considered untrusted.
- Potentially unwanted apps may contain unexpected ads, slow down devices, or include offers for extra software that users don't want.
Smart App Control is only active on newly installed systems. Microsoft does not provide an explanation for this, but Microsoft wants to avoid issues with already installed applications probably at this stage. Users may enable Smart App Control manually on their devices.
The feature runs in evaluation mode in the beginning to determine whether the feature should be turned on or off. Evaluation mode monitors activity on the device, but it does not block anything in that mode.
Smart App Control is turned on or off after the evaluation period automatically. Windows 11 administrators may turn the feature on or off manually, if available. Once turned off, it can't be turned on again according to Microsoft unless a clean install is performed.
When Smart App Control is turned on, it will block the execution of applications that it flags on the device. There is no option to unblock applications, e.g., by adding them to an exclusions list.
Windows 11 users may configure Smart App Control by running a search for "Smart App Control" in the search box. It is part of Windows Security in the Settings application on Windows 11 devices.
Smart App Control unifies several Windows Defender's protections. Windows Defender is capable of blocking malicious apps from running, and users may enable support for blocking potentially unwanted apps as well. SmartScreen, another security component, blocks untrusted applications already. All of these are now unified in Smart App Control.
The lack of an override makes the feature unusable for most use cases at the time of writing. The only option that users have is to turn it off completely, but that means that it can't be turned on again easily according to Microsoft.
Now You: what is your take on Smart App Control?Advertisement