Security | Vulnerability Scans and Assessment Windows

How to enable Smart App Control on Windows 11


Smart App Control (SAC) adds significant protection from new and emerging threats by blocking apps that are malicious or untrusted. Smart App Control also helps to block potentially unwanted apps. These are apps that may cause your device to run slowly, display unexpected ads, and offer extra software you didn’t want. Or do other things you don’t expect. SAC works alongside your other security software, such as Microsoft Defender or non-Microsoft antivirus tools, for added protection. In this article, you will learn How to enable Smart App Control and Reputation-Based Protection in Windows 11. Kindly refer to these related guides. Enable or Disable Core Isolation Memory Integrity in Windows 10 and Windows 11, and how to fix an account with the same name exists in Active Directory, re-using the account was blocked by a security policy.

Note: Smart App Control can be used on new Windows 11 installs only. It was introduced in Windows 11 22H2. If you received it as part of a Windows update on an already running device you won’t be able to turn it on unless you reset your PC or re-install Windows.

It will interest you to know that Smart App Control was introduced in Windows 11 to complement Microsoft Defender’s and other security features like SmartScreen or Controlled Folder Access etc., thereby providing improved protection against untrusted Apps and adding a protective layer against ransomware. Please here is an interesting guide on how to clear Cache and Manually Update Microsoft Defender.

How Does Smart App Control Work?

When you try to run an app on Windows, Smart App Control will check to see if our intelligent cloud-powered security service can make a confident prediction about its safety. When the service believes the app to be safe, Smart App Control will let it run. If the app is believed to be malicious or potentially unwanted, then Smart App Control will block it.

When the security service is unable to make a confident prediction about the app, then Smart App Control checks to see if the app has a valid signature. If the app has a valid signature, Smart App Control will let it run. If the app is unsigned, or the signature is invalid, Smart App Control will consider it untrusted and block it for your protection.

To view the Smart App Control settings, navigate to Settings > Privacy and security > Windows Security

This will open the Windows Security Protection areas. Click on App & browser control as shown below.


Click on Smart app control settings. I am sorry, this is in German. To my German readers, this is great right?!


SAC Settings options

As you can see below, Smart App control (SAC) is currently deactivated. Under Smart App Control Settings, the following options are available:

  • On: It will block malicious and untrusted apps. This means the evaluation process has considered Smart App Control safe to run on the end-user system and will not get in the way of legitimate processes and procedures.
  • Evaluation: In this learning mode (audit” mode), the feature will evaluate if the app disturbs you too much, and if so, will block it in the future. The system will then automatically transition to on mode. Therefore, a system in evaluation mode will not block any applications. If the process finds apps that are not good candidates for Smart App Control or that Smart App Control may cause issues, the solution is turned off.
  • Off: If it is Off, then the feature cannot be turned on without reinstalling Windows. If Smart App Control interferes with legitimate processes or services, it will be turned off.

Why is the Smart App Control deactivated?

Smart App Control is only available on clean installs of Windows 11. If you have a clean install of Windows 11, these other reasons could be a factor why Smart App Control could be turned off.

  • During evaluation mode, we determined that you weren’t a good candidate for Smart App Control.
  • It was turned off manually by you or another user signed into your machine.
  • You have optional diagnostic data in Windows turned off. If you want to turn Smart App Control on, you’ll need to reset this PC, or reinstall Windows, and select Send optional diagnostic data during the setup process.

You may want to re-install Windows 11 thereby making this feature available to you. Kindly refer to these suggested guides: You can also turn On or Off Smart App Control using the Windows registry file.

Why am I unable to return to Evaluation mode for Smart App Control?

If the Evaluation mode period is over or you manually turned Smart App Control ON or OFF, then you will not be able to return to the evaluation mode directly. However, if you reinstall the operating system, you might return to Evaluation mode for Smart App Control. Here are some related guides on Windows installation: How to install Windows 11 on HyperV, how to install Windows 11 in Oracle VirtualBox with no TPM Support, and how to Install Windows Admin Center on Windows 10 and Windows 11.

I hope you found this blog post helpful. Now, you have learned how to enable Smart App Control and Reputation-Based Protection in Windows 11. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x