Smart Application Control (SAC) - Why it behaves as it does....

  • Thread starter ForgottenSeer 95367
  • Start date
F

ForgottenSeer 95367

Thread author
Untitled.png


1666877198195.png
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Smart move.

1. Running security on a fresh device is better than trying to clean up an infected one.
2. This is still new technology territory, learning and feedback phase?
3. Nothing out of the ordinary. Many services are limited to certain countries before a global release.

Theory: Microsoft likely have the enough data to know which regions have the cleanest PCs, and ideal regions to test this tech most effectively.

Microsoft's push for 'developers' to sign their apps.


Microsoft have been more transparent in recent years.

Screenshot 2022-10-27 at 14.34.52.png

Image: Windows help & learning
 
F

ForgottenSeer 95367

Thread author
Smart move.
Microsoft learned a very valuable lesson from Windows S Mode; blocking users from "doing stuff" provides the best security.

2. This is still new technology territory, learning and feedback phase?
I think SAC is still half-baked. I've observed different SAC behaviors on a W11 system that was upgraded to 22H2 (I can enable SAC or put it into Evaluation Mode) and on a clean install of W11 (SAC is disabled). There is no rhyme nor reason, and without any deep dive explanation from Microsoft, we cannot be sure if Microsoft intends these behaviors or it is something else - as in wonky or bugs.
 

bellgamin

Level 4
Verified
Well-known
Oct 11, 2016
160
For Windows 7 through 11, SpyShelter provides granular app control by means of 2 components: (1) Host Based Intrusion Protection System (HIPS), and (2) Application Execution Control. If Win 11 (or Win 12) eventually can do an equal or better job, I will possibly upgrade my OS.
 
  • Like
Reactions: JB007

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
SpyShelter protection is very different from Windows 11 built-in protection with enabled SAC.
With SpyShelter you "cook your meals" by yourself. It is OK if you are a good cook.
With SAC you are going to the Microsoft restaurant. It is OK if you can eat standardized (Microsoft-approved) meals. :)(y)
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
Hello everyone! Sorry to revive this topic but it is not possible to pass the cloth to this new microsoft technology, in theory an extra layer of protection is good, but in practice it is being a headache, the windows dlls themselves are being blocked, I hope that with time improve or abandon. (n)
 
  • Wow
Reactions: oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top