Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Benefits of Smart App control (SAC) and Core Isolation on Windows 11
Message
<blockquote data-quote="bazang" data-source="post: 1120414" data-attributes="member: 114717"><p>I use Smart App Control (SAC) on multiple personal, company, and government systems. Once in a while it will block an unsigned DLL. However, the blocking is rarely more than 24 hours even when unsigned due to the use of Microsoft's globally vast file reputation system integrated into the security functionality stack, of which SAC benefits from integration with it.</p><p></p><p>There are users out there that will drop SAC if it blocks anything, even if the block does not obviously break any functionality. With them, the problem is not SAC but their mental inability to cope with block events. They are intolerant and/or ignorant - which Microsoft is partly to blame because it does not properly explain expected behaviors and train users. Microsoft documentation is not adequate nor sufficient for users. That said, Microsoft's official position in its EULA is that users that don't know are expected to figure it out.</p><p></p><p>99.9% of the time, when SAC blocks an unsigned DLL, that DLL will not be blocked after 24 hours or less and functionality will be restored. In the corner cases where low reputation unsigned files remain blocked, I always get the publisher to digitally sign the blocked file or ensure that their updaters are properly replacing old, unsigned libraries and other executable files.</p><p></p><p>Most people that complain about SAC blocking stuff don't know what they're doing.</p></blockquote><p></p>
[QUOTE="bazang, post: 1120414, member: 114717"] I use Smart App Control (SAC) on multiple personal, company, and government systems. Once in a while it will block an unsigned DLL. However, the blocking is rarely more than 24 hours even when unsigned due to the use of Microsoft's globally vast file reputation system integrated into the security functionality stack, of which SAC benefits from integration with it. There are users out there that will drop SAC if it blocks anything, even if the block does not obviously break any functionality. With them, the problem is not SAC but their mental inability to cope with block events. They are intolerant and/or ignorant - which Microsoft is partly to blame because it does not properly explain expected behaviors and train users. Microsoft documentation is not adequate nor sufficient for users. That said, Microsoft's official position in its EULA is that users that don't know are expected to figure it out. 99.9% of the time, when SAC blocks an unsigned DLL, that DLL will not be blocked after 24 hours or less and functionality will be restored. In the corner cases where low reputation unsigned files remain blocked, I always get the publisher to digitally sign the blocked file or ensure that their updaters are properly replacing old, unsigned libraries and other executable files. Most people that complain about SAC blocking stuff don't know what they're doing. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
