What is Windows Smart App Control and why does it need the update
Microsoft introduced the Smart App Control (SAC) security feature by including it with the latest OS version — Windows 11. Recently, Microsoft restarted blocking macros in Office files downloaded from the Internet. This decision by the tech giant forced attackers to switch to new file types to deliver their malicious payloads on victims’ devices, including — ISO, RAR, and Windows Shortcut (LNK) files.
Weston has shared a tweet to confirm, “Windows 11 with smart app control blocks .iso and .lnk files that have the mark of the web just like Macros.” The report also states that Microsoft’s claims were tested to check authenticity. As per the report, SAC now automatically stops IMG, VHD, and VHDX files from opening and it also blocks other files from running like — .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs and .wsf files.
Moreover, the tool is currently under development and is only available to the members of the Windows Insider program. Microsoft is expected to bundle this feature with an upcoming Windows 11 update to make it available for the general public, the report suggests.
How does this feature work
As per Microsoft’s official blog, when users try to run an app on Windows, the Smart App Control feature checks if the cloud-powered security service can make a confident prediction about its safety.
If the service considers the app to be safe it will allow it to run, but if the security app fails make a confident prediction about the app, it blocks the same with this message: “Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous.”
Moreover, if the security service is unable to make a confident prediction about the app, then Smart App Control will check if the app has a valid signature. If the app has a valid signature it will be allowed to run otherwise it will be considered untrusted and will be blocked.
How to enable this feature
Insiders who are testing the feature will be able to find the settings for Smart App Control in the App & browser control panel of the Windows Security app. Meanwhile, users can also search for the feature by tapping the Start button.
Drawbacks of this security feature
The Windows Smart App Control feature works along with security software like Microsoft Defender to defend users against attacks, however, this feature still has some flaws that the tech giant needs to resolve before it is rolled out to the wider public. Firstly, this feature is currently available only for Windows Insiders on systems running Windows 11.
Moreover, this feature can only be used on clean installs of Windows 11 to ensure that no existing untrusted apps are running on the device, which forces users to reinstall or reset their systems to try the new feature. Users who are running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.
Apart from that, Microsoft’s official blog doesn’t mention SAC blocking specific file types that were revealed by Weston. The company also mentions that the feature might get deactivated automatically on some systems after an “evaluation mode” is performed to check if the device is capable of running this feature without ruining the user experience. SAC will be disabled in these systems until they are approved in the “evaluation mode”
Lastly, the company has not provided any SAC exclusion list that will prevent it from triggering when users try to open a specific app or file.