- Mar 29, 2018
- 7,597
Microsoft Defender (Config MAX) + Smart App Control
- Thread starter Shadowra
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Because the whole point of SAC is to ensure that the system is clean and that SAC will only permit installs of what Microsoft has determined to be "non-malicious" or "non-PUA."
Microsoft is trying to put a stop to "users who want to use stuff" from downloading and executing whatever they want. It is an unpopular position, but at the same time catering to "users who want to use stuff" with default-allow absurdity is a primary cause of the out-of-control malware problem. Permitting unmanaged users to do what they want is an ideology that is both obsolete and asinine in this day and age.
In short, with SAC, Microsoft is trying to implement a "softer and easier way" to enforce Windows S mode.
- Dec 10, 2022
- 402
If they are worried a users could switch the protection off they could password protect it it’s a simple fix heck even add 2FA to it.
- Mar 29, 2018
- 7,597
An update to my post #39 above:
It seems that SAC allows some non-prevalent, unsigned software after a bit of time has passed, not unlike nor exactly like Smartscreen. In my previous post, I could install Eloston Ungoogled Chromium but couldn't install the Marmaduke version. Today, I was able to install the Marmaduke version, which is about 2 weeks since its release. I guess ISG changed its mind about Marmaduke. SAC may be bit more subtle and friendly than some first thought.
It seems that SAC allows some non-prevalent, unsigned software after a bit of time has passed, not unlike nor exactly like Smartscreen. In my previous post, I could install Eloston Ungoogled Chromium but couldn't install the Marmaduke version. Today, I was able to install the Marmaduke version, which is about 2 weeks since its release. I guess ISG changed its mind about Marmaduke. SAC may be bit more subtle and friendly than some first thought.
- Dec 23, 2014
- 8,491
SAC uses both ISG and SmartScreen.
The Marmaduke version still triggers a SmartScreen alert on my computer, but it is allowed by the Defender ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" which is also based on ISG. So you are right that ISG AI decided after some time to consider the installer safe.
Edit.
The most probable scenario is that someone (maybe the developer) has submitted the installer to Microsoft to remove the false positive.
Last edited:
- Mar 16, 2019
- 3,862
This ASR rule is ineffective for those falsely inflated large sized malware (like 700 MB). Same for SmartScreen. Would SAC be able to block those? Cloud based hash checking doesn't work because of the size. Many of the samples are also signed using leaked/stolen certificates.
- Dec 23, 2014
- 8,491
Defender and SmartScreen can have sometimes a problem. Are you sure that the ASR rule is ineffective too?
- Mar 16, 2019
- 3,862
Yeah, I'm sure. I have tested multiple times on a Windows 10 VM.
Edit: Let me know if you need a sample to test.
- Dec 23, 2014
- 8,491
Yes. I would like to investigate this a little.
But, I believe you. This ASR rule does not block new files (never executed before on the particular computer) if you disconnect the computer from the Internet. But, if the file was once executed and blocked, then the flag is added to this file and it will be blocked also when offline.
SAC works differently - it will block the new file even without an Internet connection.
Last edited:
Similar threads
