Smart App Control in Windows 11 explained
Microsoft unveiled a new security feature in a recent Insider build for its Windows 11 operating system that it calls Smart App Control.
Microsoft describes it as a security feature for Windows 11 "that blocks untrusted or potentially dangerous applications". Smart App Control runs in evaluation mode at first according to Microsoft, but it may turn itself on automatically.
SAC is first configured in evaluation mode. While SAC is in evaluation mode, it will learn if it can help protect you without getting in your way too much. If so, it will automatically be turned on. Otherwise, it will automatically be turned off. While in evaluation mode, a user can manually turn on SAC in the Windows Security app under the App & Browser Control section
The description is vague and it left many questions unanswered.
What is Smart App Control?
Smart App Control is a security feature that blocks malicious, untrusted and potentially unwanted apps on Windows devices.
- Malicious applications are flagged by Microsoft. They may do all sorts of unwanted things on a PC, including deleting files, pushing remote control software on devices, stealing data, monitoring user activities and more.
- Untrusted applications are not necessarily malicious. Microsoft uses two main factors to determine whether an app is untrusted or not. The first determines whether the app is digitally signed, the second takes usage into account. Unsigned apps that Microsoft's cloud-based security service are not familiar with are considered untrusted.
- Potentially unwanted apps may contain unexpected ads, slow down devices, or include offers for extra software that users don't want.
Smart App Control is only active on newly installed systems. Microsoft does not provide an explanation for this, but Microsoft wants to avoid issues with already installed applications probably at this stage. Users may enable Smart App Control manually on their devices.
The feature runs in evaluation mode in the beginning to determine whether the feature should be turned on or off. Evaluation mode monitors activity on the device, but it does not block anything in that mode.
Smart App Control is turned on or off after the evaluation period automatically. Windows 11 administrators may turn the feature on or off manually, if available. Once turned off, it can't be turned on again according to Microsoft unless a clean install is performed.
When Smart App Control is turned on, it will block the execution of applications that it flags on the device. There is no option to unblock applications, e.g., by adding them to an exclusions list.
Windows 11 users may configure Smart App Control by running a search for "Smart App Control" in the search box. It is part of Windows Security in the Settings application on Windows 11 devices.
Closing Words
Smart App Control unifies several Windows Defender's protections. Windows Defender is capable of blocking malicious apps from running, and users may enable support for blocking potentially unwanted apps as well. SmartScreen, another security component, blocks untrusted applications already. All of these are now unified in Smart App Control.
The lack of an override makes the feature unusable for most use cases at the time of writing. The only option that users have is to turn it off completely, but that means that it can't be turned on again easily according to Microsoft.
Now You: what is your take on Smart App Control?
More nonsense no one asked for, its failed Windows S with a new name. Who makes a feature that can’t be toggled off and on without reinstalling? Who wants Microsoft deciding what they can run on their computer? Next step there is no way to turn it off.
“They may do all sorts of unwanted things on a PC, including deleting files, pushing remote control software on devices, stealing data, monitoring user activities and more.
Potentially unwanted apps may contain unexpected ads, slow down devices, or include offers for extra software that users don’t want.”
Ummm.. That’s Microsofts OWN software right there.
They’re just adding another layer of Microsoft malware, designed to disrupt installation of competing software. I believe this is called abuse of monopoly.
Windows is not an operating system anymore, it’s an ADVERTISING PLATFORM that you can run software on.
Absurd that an obscure, stripped Windows 11 .iso from some shady website is 100% safer to use than Microsofts default offering, and also runs much better. At least on the shady .iso you can find the malware and remove it..
If turned off it can’t be turned on without the requiremen of a clean install. I laughed two hours at least. Oh, the great Microsoft guys, they are always thinking in our amazing and weird high patience, a mixed pattern between masochism and an enjoyable sense of humor. LOL. Thanks for the article! :]
That is just based on how it works. If the application is an installer, it will write the trustworthiness to any of the files it creates (and periodically reverifies if the files are safe). Because of this, it *can’t* work on an existing install or if SAC was turned off
Potentially unwanted apps may contain unexpected ads, slow down devices, or include offers for extra software that users don’t want….. That’s good, will it remove all the Microsoft bloatware?
Guessing this is how Microsoft will enforce DMCA/DRM/Copyright and potentially block you from using apps by alternative tech that Microsoft will claim spreads “misinformation” or is just problematic to big tech and governments.
As mentioned in the article, Microsoft Defender and SmartScreen already do this – so I still have absolutely no idea what the purpose of “Smart App Control” is.
The only thing I can think of is that it’s perhaps a UI switch to enable the Attack Surface Reduction (ASR) rule “Block executable files from running unless they meet a prevalence, age, or trusted list criterion”?
The Microsoft Security team should spend more time on simplifying their settings and enabling them by default; and less time on adding even more confusing settings with pointless acronyms.
Not that it matters: the Microsoft Security team decided that it was more secure for me to stay on Windows 10 anyway – rather than upgrade to Windows 11 – because most of my machines were three years old and had 7th gen chips, and are therefore not eligible.
It’s your own fault for running such old, ancient and cheap hardware.
This is based on Windows Defender Application Control (WDAC) with ISG on but far far easier to use and can be set up out of the box
Another excuse for m$ to snoop around in your personal data. Have they even commented on what data gets uploaded to their servers?
Last time I left Defender on by mistake it obliterated all my bat files.
By the time MS gets this redundant layer on top of numerous replicate features to work right, Windows will be illegal.
What a concept!
:)
The fact that “The lack of an override makes the feature unusable for most use cases at the time of writing.” raises a big red flag for me.
Is Microsoft sometimes working towards the situation that you can only use Microsoft store programs?
Does Microsoft perhaps intend to work towards a situation whereby if you are totally dependent on their store programs you will have to pay for even the free programs because of administration costs?
And does Microsoft has the SAC abbreviation derived from the (US, military) Acronym of Strategic Air Command or more likely to me from Initialism of saeclum ante Christum (“era before Christ”).
I have a safe and stable alarm app that’s likely to be classified as untrusted. I haven’t found anything comparable. It’s one of the reasons I haven’t moved to Windows 11 yet. I’ll be upgrading, so it won’t be a clean install. If Microsoft adds this to upgrade versions, I hope someone comes up with a way to disable it.
No user override? Yeah I figured the word “control” was key, but not for the user. Microsoft knows best. The plebs can’t be left to their own devices or they’d hurt themselves! Oh and think of the children too! Apple’s anti-CSAM mechanisms have always been about control and surveillance and no doubt similar things will eventually make it’s way into Windows, all under the guise of your protection of course. And if you dare to object then you must support child abuse! That’s how they always spin it anyways.
I have Windows 11 and what you are describing is NOT on my PC. I can’t control anything, can’t change my default browser or other apps it’s rather annoying and Google search is not helpful at all. I need actual help from a technician that’s not going to charge me an arm & leg to just click a button that I don’t know is there. Someone please help. Thank you.
Big brother is watching.
Incredible, smart app control attacks itself!
Suddenly, I get every second popups like these
Part of this app has been blocked
Some features of .NET Runtime Otimzation Service may not work because we can’t confirm who published Microsoft.Build.Dll that the app tried to load
It mentions system.dll etc all as ‘cannot confirm the (signature) publisher is valid; the publisher of all this stuff is microZoft itself, no?
So smart app control has the cramps….and I turned it OFF, forever
Thinking over as to what may have happened, is that a regular windows update, has updated some windows components of for example .net optimization services, and that the updated dll’s were not yet known to the smart app cloud control. Probably the barrage of smart app popups would not be there anymore the next day. So this microZoft spyware may have some child deseases, glad I turned it OFF.
I like the feature but ultimately it confused me…..one day an app would be allowed to run and then come next day BAM no it doesnt like the dll its loading or cant verify a cert….but then why did it work the first time?
I had it on for over a month and ultimately had to disable it bc it would block Neural DSP and iLok (i checked the certificate details for both apps and it all looked fine)
So idk whats up with that. But overall i can see it being very useful once they iron out some bugs and of course allow the override.