Microsoft improves Windows 11's Smart App Control, but you may not be able to use it
The Windows 11 Security feature Smart App Control was unveiled earlier this year by Microsoft. Back then, Microsoft described it as a protective tool that "blocks untrusted or potentially dangerous applications".
What made the tool unique at the time was that it determined whether it should run on a Windows 11 device or not. Smart App Control runs in evaluation mode in the beginning; it is in this mode that the app determines whether it should be turned on.
Microsoft did reveal that users could enable Smart App Control in the App & Browser Control section of the Windows Security application. Smart App Control is activated on new Windows 11 installs only according to Microsoft.
Microsoft updated Smart App Control recently, according to a message on Twitter by David Weston, Microsoft's VP for Enterprise and OS Security. According to Weston, Smart App Control is blocking specific file types automatically if they come from the Internet.
Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros.
The protective feature copies the protections that Microsoft implemented recently to block the execution of Office files with macros, provided that the Office files came from the Internet zone.
Microsoft plans to update the documentation, which lacks information and clarity. Bleeping Computer got their hands on an extended list of file extensions that Smart App Control blocks by default. Besides iso and lnk, Smart App Control appears to block IMG, VHD, VHDX, .appref-ms, BAT, CMD, CHM, CPL, JS, JSE, MSC, MSP, REG, VBE, VBS and WSF files, provided that they come from an unsafe location.
Smart App Control displays the following message on the screen if it blocked the execution of a file on the Windows 11 machine:
Smart App Control blocked an app that may be unsafe.
This file was blocked because files of this type from the internet can be dangerous.
Smart App Control: Only for new installs and reset devices
The main caveat when it comes to Smart App Control is that it is only ever active on new installs or machines that have just been reset. Apparently, Microsoft added the limitation to Smart App Control to ensure that no malicious apps or programs are already running on the device.
Only some Windows 11 users will have access to Smart App Control. Even on new installs, Smart App Control may decide to turn itself off during the evaluation phase. In that case, users have no option to turn it on once it has been turned off.
Now You: what is your take on Smart App Control and the extensions that it blocks automatically?