Smart App Control in Windows 11 explained
Microsoft unveiled a new security feature in a recent Insider build for its Windows 11 operating system that it calls Smart App Control.
Microsoft describes it as a security feature for Windows 11 "that blocks untrusted or potentially dangerous applications". Smart App Control runs in evaluation mode at first according to Microsoft, but it may turn itself on automatically.
SAC is first configured in evaluation mode. While SAC is in evaluation mode, it will learn if it can help protect you without getting in your way too much. If so, it will automatically be turned on. Otherwise, it will automatically be turned off. While in evaluation mode, a user can manually turn on SAC in the Windows Security app under the App & Browser Control section
The description is vague and it left many questions unanswered.
What is Smart App Control?
Smart App Control is a security feature that blocks malicious, untrusted and potentially unwanted apps on Windows devices.
- Malicious applications are flagged by Microsoft. They may do all sorts of unwanted things on a PC, including deleting files, pushing remote control software on devices, stealing data, monitoring user activities and more.
- Untrusted applications are not necessarily malicious. Microsoft uses two main factors to determine whether an app is untrusted or not. The first determines whether the app is digitally signed, the second takes usage into account. Unsigned apps that Microsoft's cloud-based security service are not familiar with are considered untrusted.
- Potentially unwanted apps may contain unexpected ads, slow down devices, or include offers for extra software that users don't want.
Smart App Control is only active on newly installed systems. Microsoft does not provide an explanation for this, but Microsoft wants to avoid issues with already installed applications probably at this stage. Users may enable Smart App Control manually on their devices.
The feature runs in evaluation mode in the beginning to determine whether the feature should be turned on or off. Evaluation mode monitors activity on the device, but it does not block anything in that mode.
Smart App Control is turned on or off after the evaluation period automatically. Windows 11 administrators may turn the feature on or off manually, if available. Once turned off, it can't be turned on again according to Microsoft unless a clean install is performed.
When Smart App Control is turned on, it will block the execution of applications that it flags on the device. There is no option to unblock applications, e.g., by adding them to an exclusions list.
Windows 11 users may configure Smart App Control by running a search for "Smart App Control" in the search box. It is part of Windows Security in the Settings application on Windows 11 devices.
Closing Words
Smart App Control unifies several Windows Defender's protections. Windows Defender is capable of blocking malicious apps from running, and users may enable support for blocking potentially unwanted apps as well. SmartScreen, another security component, blocks untrusted applications already. All of these are now unified in Smart App Control.
The lack of an override makes the feature unusable for most use cases at the time of writing. The only option that users have is to turn it off completely, but that means that it can't be turned on again easily according to Microsoft.
Now You: what is your take on Smart App Control?
There is not still W11 23H2 and these instructions are nonsense by now. :[
It worked for me just fine. You’re probably not following the instructions clearly.
Just tried the password option and the OOBE option and didnt work.
Worked perfectly. Thank OP.
Worked perfectly for me just now. Specifically, the regedit option.
Is this cut and paste from a Microsoft PR paper, because it 1000% BS:
“By listening to user insights, Microsoft has demonstrated its commitment to refining the Windows experience based on real-world needs.”
Windows 11 is proof they don’t give a s*it.
Worked for me just now
I agree! Windows 11 was a downgrade to me and I kept all 8 computers in our family on Windows 10 as a result. They didn’t listen to any customers. The taskbar was THE main reason I stayed away from Windows 11. With 6 monitors, it is impossible to navigate so many browser tabs, without the feature. I will try the new version in the virtual box to see if it is worth it yet.
Microsoft did a terrible job with this implementation.
They simply need to employ the creator of StartAllBack to fix Windows. He is smarter and more talented than the entire campus of Microsoft employees.
lol
Thank you so much! I work in IT and this is extremely useful information!
Thanks man. The second method worked great!
I used the second method, and i got exactly what i expected.
Using the Bypass 2: Use a banned email address email worked fantastically as I had gone to far to use the bypass 1.
I will be back when I next have a problem.
Keep you the great work
W11 File Explorer is the worst crap ever done. W11 is the biggest shame ever.
Just one more reason for me to go to Linux when Windows 10 ages out.
@ MarineRecon,
Be careful which Linux distro you choose. Some of them don’t include the Wayland protocol which is a security issue i.e. apps can copy, paste and inject data without user interaction.
It’s included in Fedora: https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/Wayland/
How about a DARK MODE for your website? That would be oh so nice.
Something like this : [https://img.justpaste.me/image/8617] maybe?
Done with ‘Dark Reader Extension for ? Firefox’ [https://addons.mozilla.org/en-US/firefox/addon/darkreader/]
This comment was written on [https://www.ghacks.net/windows-11-installation-has-failed-how-to-fix-this-upgrade-error/#comment-4573155}
Definitely NOT! Once you get older and your eyesight starts to fail you’ll positively loathe dark mode.
Microsoft completely ruined File Explorer by converting to XAML/WinUI/whatever new bloated modern garbage. Its worse than it ever was.
i tested it on win10 current edition. speeds up explorer like a charm
SO what is the priority numbers to give preference to ethernet over wireless?
Worked very well happy to have Windows Photo Viewer back in action in Windows-11
Worked for me (registry option) thank god, I can use the search option to find things on my computer again. Thank you so much!
Install Everything Search and dispense with Microsoft’s crappy search tool. https://www.voidtools.com/
Martin wrote an article on it: https://www.ghacks.net/2020/10/09/add-everything-search-to-the-windows-taskbar-for-even-faster-searches/
I presume the text “WindowsCopilot,,” is a typographical error (2023/09/17/how-to-disable-windows-copilot-in-windows/). The broken comment system unfortunately looks like it is populating itself via AI autopilot.
Hopefully, this Windows Copilot nonsense fails even more spectacularly than Cortana. Who requested this? We want all of the UX features removed back in 11, not this copilot nonsense.
I really don’t mind all of these Windows enhancement but Microsoft get one thing very wrong. ‘Opt in’, is far better than seek information and work to disable.
Turn off Windows Copilot entirely is not good enough.
How to uninstall Copilot entirely ?
@ ilev,
Use Gpedit or the registry. Explained in this article: https://www.ghacks.net/2023/09/17/how-to-disable-windows-copilot-in-windows/
With that snake oil salesman Panos gone, hopefully Windows can return to a normal desktop operating system without all the insanity it has right now in Windows 11.
Can we please stop being ‘politically correct’ (lying) and call them ads again instead of ‘suggestions’?