New Update Smart App Control - Windows 11 22H2 feature promises significant protection from malware

oldschool

Occasionally - I have to get Microsoft to whitelist stuff via SAC Feedback, which is not a fast process.
Indeed. I submitted an unsigned, non-prevalent app .exe and not a peep from SAC when I run it now.
The "user unfriendliness" of SAC is not nearly as bad as is stated except for those users who are prolific installers of applications and - particularly - games.
It's certainly fine for me, with my simplified setup.
Microsoft is never, ever, going to cater to those folks and M$ wants to be rid of such people except for those that purchase apps and games via the Microsoft Store.

Is that wrong? I don't think so.
I don't either. Look at how Apple does it with their strict gatekeeping. Google is even tending in that direction with Android.
 

Parkinsond

I had a similar experience (like @Freki123) on my wife's laptop with a photobook application. Reverted back to Microsoft Defender on MAX with H_C in SWH mode also blocking sponsors. To prevent the confusing messages of MD protected folders I set it to block disk modification only and installed AVAST free ransomware protection and Avast firewall. Although early days, this setup runs perfectly since July this year.
Can Avast web protection be installed with Microsoft Defender without Avast antivirus or behavioral protection to avoid conflict with Defender?
 

oldschool

The company says ... Smart App Control is a proactive antimalware solution rather than being reactive like a traditional AV. Thus the benefit is twofold according to Microsoft. Not only do users get better performance and a snappier system, but SAC can also neutralize new threats based on suspicious behavior that it can pick up based on its past machine learning and cloud data. It writes:

Smart App Control takes a proactive approach, blocking suspicious apps before they get the chance to do any harm. Traditional antivirus, however, is more reactive, responding to threats only after they've been detected on your system. This means traditional antivirus is excellent at identifying and removing known threats, but it may not catch new or sophisticated ones as quickly.
 

Andy Ful

Thread author

The known issues related to MotW bypasses were patched.
Other issues are related to the simplified SAC's design:
  • Signed malware: signing malicious payloads using valid code-signing (files with fake certificates are considered unsigned).
  • Reputation hijacking: finding and repurposing apps with a good reputation to bypass the system.
  • Reputation seeding: deploying attacker-controlled binaries onto the system (e.g., an application with known vulnerabilities or malicious code that triggers only if certain conditions are met).
  • Reputation tampering: injecting malicious code in binaries without losing associated reputation.
Anyway, SAC is intended for home users and hybrid work, where the above issues are rarely exploited. Although SAC is "incredibly efficient security" at home, it cannot be considered a comprehensive protection against highly targeted attacks on Enterprises (Microsoft recommends applying App Control for Businesses).
 

oldschool

I have no idea.
I don't trust AI in secure app, but this is my opinion of course.
??
Has anyone set it to Active and seen how many false positives we get?
Yes, and no false positives, but be aware I have few 3rd party apps installed. It didn't even blink at one unsigned app written in Python that I use. I did see a FP in an app I no longer use. Also, be aware that some blocks may not render an app unusable.
 

Templarware

I disabled mine by accident when I was troubleshooting something, now I need to reinstall Windows, this is so stupid... Well, maybe next time.
 

oldschool

I disabled mine by accident when I was troubleshooting something, now I need to reinstall Windows, this is so stupid... Well, maybe next time.
You can use the reset feature, keeping files and some settings, in Windows, if it makes a difference for you.
 

Templarware

You can use the reset feature, keeping files and some settings, in Windows, if it makes a difference for you.
That makes zero sense, it always had. It gives you all the work of reinstalling every program and starting every session on every website, without having a fresh Windows install.
 

SeriousHoax

It's a bit confusing because I expect Microsoft Defender to still monitor running processes and look for malicious behavior whether they were given green light by SAC or not :unsure:
But anyway, SAC is not for me as I run a few unsigned apps and play cracked games from time to time.
 

Andy Ful

Thread author
It's a bit confusing because I expect Microsoft Defender to still monitor running processes and look for malicious behavior whether they were given green light by SAC or not :unsure:

From the article, it does not follow that Microsoft Defender stops monitoring running processes (Microsoft Defender is not mentioned at all). It follows that SAC does not do it, and traditional AVs usually do. The performance advantage would be only when SAC could replace a traditional AV, but we can also read:

What’s the best antivirus for PCs?

While Windows 11 Smart App Control offers advanced, proactive protection, it is designed to complement rather than replace traditional antivirus software. For the best protection, combining both offers a comprehensive defense against a wide range of threats. Try Windows 11 today to enjoy this enhanced security setup.
 
