Security | Vulnerability Scans and Assessment Windows

How to enable Smart App Control and Reputation-Based Protection in Windows 11

WindowsCoreSecurity

Smart App Control (SAC) adds significant protection from new and emerging threats by blocking apps that are malicious or untrusted. Smart App Control also helps to block potentially unwanted apps, which are apps that may cause your device to run slowly, display unexpected ads, offer extra software you didn’t want, or do other things you don’t expect. Smart App Control works alongside your other security software, such as Microsoft Defender or non-Microsoft antivirus tools, for added protection. Kindly refer to these related guides: Core Isolation: Enable or Disable Core Isolation Memory Integrity in Windows 10 and Windows 11, Domain Join hardening: An account with the same name exists in Active Directory, re-using the account was blocked by a security policy, and how to clear Cache and Manually Update Microsoft Defender.

Note: Smart App Control can be used on new Windows 11 installs only. It was introduced in Windows 11 22H2. If you received it as part of a Windows update on an already running device, you won’t be able to turn it on unless you reset your PC or re-install Windows. It is recommended to have the latest Windows and Defender updates installed on your device. Also, at the time of writing this guide, smart control is a Smart App Control is only recommended in the North American and European regions.

It will interest you to know that Smart App Control was introduced in Windows 11 to complement Microsoft Defender’s and other security features like SmartScreen or Controlled Folder Access etc., thereby providing improved protection against untrusted Apps and adding a protective layer against ransomware.

How Does Smart App Control Work?

When you try to run an app on Windows, Smart App Control will check to see if our intelligent cloud-powered security service can make a confident prediction about its safety. If the service believes the app to be safe, Smart App Control will let it run. If the app is believed to be malicious or potentially unwanted, then Smart App Control will block it.

If the security service is unable to make a confident prediction about the app, then Smart App Control checks to see if the app has a valid signature. If the app has a valid signature, Smart App Control will let it run. If the app is unsigned, or the signature is invalid, Smart App Control will consider it untrusted and block it for your protection.

To view the Smart App Control settings, navigate to Settings > Privacy and security > Windows Security
image-9

This will open the Windows Security Protection areas. Click on App & browser control as shown below.

image-10

Click on Smart app control settings. I am sorry, this is in German. To my German readers, this is great right?!

image-11

As you can see below, Smart App control is currently deactivated. Under Smart App Control Settings, the following options are available:

  • On: It will block malicious and untrusted apps. This means the evaluation process has considered Smart App Control safe to run on the end-user system and will not get in the way of legitimate processes and procedures.
  • Evaluation: In this learning mode (audit” mode), the feature will evaluate if the app disturbs you too much, and if so, will block it in the future. The system will then automatically transition to on mode. Therefore, a system in evaluation mode will not block any applications. If the process finds apps that are not good candidates for Smart App Control or that Smart App Control may cause issues, the solution is turned off.
  • Off: If it is Off, then the feature cannot be turned on without reinstalling Windows. If Smart App Control interferes with legitimate processes or services, it will be turned off.
image-12

Why is this so? Smart App Control is only available on clean installs of Windows 11. If you have a clean install of Windows 11, these other reasons could be a factor why Smart App Control could be turned off.

  • During evaluation mode, we determined that you weren’t a good candidate for Smart App Control.
  • It was turned off manually by you or another user signed into your machine.
  • You have optional diagnostic data in Windows turned off. If you want to turn Smart App Control on, you’ll need to reset this PC, or reinstall Windows, and select Send optional diagnostic data during the setup process.

You may want to re-install Windows 11 thereby making this feature available to you. Kindly refer to these suggested guides: You can also turn On or Off Smart App Control using Windows registry file.

Why am I unable to return to Evaluation mode for Smart App Control?

If the Evaluation mode period is over or you manually turned Smart App Control ON or OFF, then you will not be able to return to the evaluation mode directly. However, if you reinstall the operating system, you might return to Evaluation mode for Smart App Control. Here are some related guides on Windows installation: How to install Windows 11 on HyperV, how to install Windows 11 in Oracle VirtualBox with no TPM Support, and how to Install Windows Admin Center on Windows 10 and Windows 11.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x