Microsoft improves Windows 11's Smart App Control, but you may not be able to use it

Martin Brinkmann
Aug 4, 2022

The Windows 11 Security feature Smart App Control was unveiled earlier this year by Microsoft. Back then, Microsoft described it as a protective tool that "blocks untrusted or potentially dangerous applications".

What made the tool unique at the time was that it decides on its own whether it should run on a Windows 11 device. Smart App Control starts in evaluation mode, and it is in this mode that it determines whether it should be turned on.

Microsoft did reveal that users could enable Smart App Control in the App & Browser Control section of the Windows Security application. According to Microsoft, Smart App Control is activated on new Windows 11 installs only.

Microsoft updated Smart App Control recently, according to a message on Twitter by David Weston, Microsoft's VP for Enterprise and OS Security. According to Weston, Smart App Control is blocking specific file types automatically if they come from the Internet.

"Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros."

The protective feature copies the protections that Microsoft implemented recently to block the execution of Office files with macros, provided that the Office files came from the Internet zone.

Microsoft plans to update the documentation, which lacks information and clarity. Bleeping Computer got their hands on an extended list of file extensions that Smart App Control blocks by default. Besides iso and lnk, Smart App Control appears to block IMG, VHD, VHDX, .appref-ms, BAT, CMD, CHM, CPL, JS, JSE, MSC, MSP, REG, VBE, VBS and WSF files, provided that they come from an unsafe location.
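To see which files on a machine fall into this category, the following PowerShell script (an added example, not from Microsoft or the original article) lists files whose extension is on the list above and that carry a Mark of the Web in the NTFS Zone.Identifier stream. The default folder, the function name Get-MarkOfTheWeb and the reading of "unsafe location" as zone 3 (Internet) or 4 (Restricted sites) are assumptions made for the example.

```powershell
# Added example: audit a folder for files that have Mark of the Web (MotW)
# and an extension from the list reported in the article.
param(
    # Assumption: the folder to audit; defaults to the user's Downloads folder.
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# Extensions named in the article (iso and lnk plus the extended list).
$BlockedExtensions = @(
    '.iso', '.lnk', '.img', '.vhd', '.vhdx', '.appref-ms', '.bat', '.cmd', '.chm',
    '.cpl', '.js', '.jse', '.msc', '.msp', '.reg', '.vbe', '.vbs', '.wsf'
)

# Hypothetical helper: read and parse the Zone.Identifier alternate data stream.
function Get-MarkOfTheWeb {
    param([string]$LiteralPath)
    $lines = Get-Content -LiteralPath $LiteralPath -Stream 'Zone.Identifier' `
                         -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }          # no stream: file has no MotW
    $motw = [ordered]@{ ZoneId = $null; HostUrl = $null; ReferrerUrl = $null }
    foreach ($line in $lines) {
        if ($line -match '^\s*(ZoneId|HostUrl|ReferrerUrl)\s*=\s*(.*)$') {
            $motw[$Matches[1]] = $Matches[2].Trim()
        }
    }
    [pscustomobject]$motw
}

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $BlockedExtensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $motw = Get-MarkOfTheWeb -LiteralPath $_.FullName
        $zone = 0
        # Assumption: zones 3 (Internet) and 4 (Restricted sites) count as unsafe.
        if ($motw -and [int]::TryParse([string]$motw.ZoneId, [ref]$zone) -and $zone -ge 3) {
            [pscustomobject]@{
                File      = $_.FullName
                Extension = $_.Extension
                ZoneId    = $zone
                HostUrl   = $motw.HostUrl
            }
        }
    }
```

The script only reports on the mark and the extension; it does not query whether Smart App Control is on, in evaluation mode or off on the device.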

Smart App Control displays the following message on the screen if it blocked the execution of a file on the Windows 11 machine:

Smart App Control blocked an app that may be unsafe.

This file was blocked because files of this type from the internet can be dangerous.

Smart App Control: Only for new installs and reset devices

The main caveat when it comes to Smart App Control is that it is only ever active on new installs or machines that have just been reset. Apparently, Microsoft added the limitation to Smart App Control to ensure that no malicious apps or programs are already running on the device.

Only some Windows 11 users will have access to Smart App Control. Even on new installs, Smart App Control may decide to turn itself off during the evaluation phase. In that case, users have no option to turn it on once it has been turned off.

Now You: what is your take on Smart App Control and the extensions that it blocks automatically?



  1. Anonymous said on September 22, 2022 at 11:00 pm

    Fairly stupid not being able to manually switch on if it is switched off.

  2. Rixster said on August 4, 2022 at 5:22 pm

    Waiting for a tweak to have this activated afterwards

  3. Anonymous said on August 4, 2022 at 10:55 am

    Those with little experience who are prone to visit any website and test any app they find there probably should use it. More cautious people who test programs via VirusTotal, run a well-reputed AV and regularly run a second opinion scan are probably quite safe without it. Microsoft treats everyone as belonging in the first category. I doubt many of those visit ghacks.

    In my case, Smart App Control is on with standard settings. I almost never visit Microsoft’s app store, preferring old-fashioned programs and only use a few well known examples of those. So far the control hasn’t found anything that upset it.

    1. Anonymous said on September 22, 2022 at 11:06 pm

      You can get zero-day apps and programs anywhere. Hackers relatively infiltrate large company and government website, who employ highly qualified IT security people. If you think you are quite safe because virus-total passes a program, think again.

      In theory, Microsoft tests store apps so you shouldn’t get anything other than zero-day apps via the store. Where did I say you can get zero-day apps!
