Update Windows 11 22H2 Update: security improvements

silversurfer


Smart App Control


Smart App Control is a new security feature that is designed to improve protection against untrusted applications.

Microsoft describes the feature in the following way:
Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools



Broken down to its core, Smart App Control blocks the execution of certain file types downloaded from the Internet and untrusted applications. It is a cloud-powered security service according to Microsoft. When Smart App Control determines that the app is safe,

Here is an overview of the different scan results of the security feature:
  • App is determined safe -- allowed to run on the Windows 11 PC.
  • App is determined to be malicious or potentially unwanted -- blocked from running on the PC.
  • Smart App Control can't predict either way:
    • if the app has a valid signature -- allowed to run on the Windows device.
    • if the app has no valid signature -- blocked from running on the PC.

When enabled Smart App Control runs in evaluation mode at first. Windows 11 uses the mode to determine whether Smart App Control should be enabled in full mode on the system. The execution of apps and files is not blocked in evaluation mode.

There is currently no option to allow the execution of an app that Smart App Control blocked on the system.

Smart App Control may be turned off by system administrators, but the turning off is permanent. There is no option to enable the security feature again after it has been turned off on the running system. The only available options, according to Microsoft, are to reset the PC or to clean install Windows 11.

Additionally, Smart App Control is only available on new Windows 11 2022 Update installations. Upgraded devices won't get the feature. A likely reason for that is that the feature may interfere with applications and files that are already on the Windows PC.


Enhanced phishing protection


Enhanced phishing protection is a new security feature that is integrated into the Windows 11 2022 Update. Windows 11 detects automatically when users enter the Windows account password into applications or websites, and checks whether the app or website has a secure trusted connection.

If that is not the case, Windows 11 informs users about the potential danger. Enhanced phishing protection works with Microsoft Account, Active Directory, Azure Active Directory and local passwords, any Chromium-based browser and applications.




Whenever enhanced phishing protection detects unsafe usage of the Windows passwords, two things happen:
  1. The user is informed about the issue and gets the suggestion to change the account password immediately.
  2. The incident is reported to IT through the MDE portal.
Enhanced Phishing Protection warns users about reuse of the Windows 11 account password next to that using a popup. Last but not least, Windows Security will warn users if they try to store the account password in a local app, such as Notepad.

The feature is part of SmartScreen.

Windows 11 administrators may configure it in the following way:
  1. Open Start > Settings, or use Windows-I to open the Settings app using the keyboard shortcut.
  2. Go to Privacy & Security > Windows Security.
  3. Activate the "Open Windows Security" button on the page.
  4. Open App & Browser Control.
  5. Select the "Reputation-based protection settings" link on the page that opens.
  6. The following options are listed under Phishing Protection:
    • Turn phishing protection on or off.
    • "Warn me about malicious apps and sites" (on by default).
    • "Warn me about password reuse" (off by default).
    • "Warn me about unsafe password storage" (off by default).
Additional information about the feature, including Enterprise policy options, is available on Microsoft's Tech Community website.

Vulnerable driver protection


Microsoft added two new protections that protect Windows 11 devices against driver attacks. Drivers, just like other software, may introduce security issues, which threat actors may exploit.

The Windows 11 2022 Update uses a new vulnerable driver block list to block certain drivers from being loaded by the operating system. Often, updated drivers are available, which administrators may install to add support for a device to the operating system.

The block list feature takes advantage of Windows Defender Application Control to block vulnerable driver versions from running on the Windows device.

The second protective feature is called Hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS). It is available on devices with Intel 8th generation or newer chipsets.

At its core, it ensures that only validated code may be executed in kernel mode. It achieves this by running kernel mode code integrity "inside the secure VBS environment instead of the main Windows kernel".

It protects against attacks that rely "on the ability to inject malicious code into the kernel" of the Windows operating system.

Credential Guard
Credential Guard is enabled on Windows 11 Enterprise systems. Microsoft notes that the feature increases protections from vulnerabilities "greatly" and that it prevents "the use of malicious exploits that attempt to defeat protections".
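An added example, not from the article or from Microsoft, that audits the state of the features described above on the local machine from PowerShell. The registry paths and value meanings (VerifiedAndReputablePolicyState, the WTDS\Components policy values, and the Win32_DeviceGuard codes) are assumptions drawn from Microsoft's documentation as I recall it, so verify them against a current build before relying on the output.

```powershell
# Added audit script (assumptions: registry paths and value codes as noted in comments).

function Get-SmartAppControlState {
    # Assumed: VerifiedAndReputablePolicyState 0 = off, 1 = on, 2 = evaluation mode.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $p = Get-ItemProperty -Path $key -Name VerifiedAndReputablePolicyState -ErrorAction SilentlyContinue
    switch ($p.VerifiedAndReputablePolicyState) {
        0       { 'Off (cannot be re-enabled without a reset or clean install)' }
        1       { 'On' }
        2       { 'Evaluation mode (nothing is blocked yet)' }
        default { 'Not present (feature unavailable, e.g. on an upgraded install)' }
    }
}

function Get-PhishingProtectionPolicy {
    # Assumed policy values under WTDS\Components; $null means "not set by policy",
    # so the Settings app defaults described above apply.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServiceEnabled      = $p.ServiceEnabled        # phishing protection on/off
        NotifyMalicious     = $p.NotifyMalicious       # "Warn me about malicious apps and sites"
        NotifyPasswordReuse = $p.NotifyPasswordReuse   # "Warn me about password reuse"
        NotifyUnsafeApp     = $p.NotifyUnsafeApp       # "Warn me about unsafe password storage"
    }
}

function Get-VbsProtectionState {
    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = VBS running;
    # SecurityServicesRunning contains 1 for Credential Guard and 2 for HVCI.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
        CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
    }
}

'Smart App Control: ' + (Get-SmartAppControlState)
Get-PhishingProtectionPolicy | Format-List
Get-VbsProtectionState | Format-List
```

Run from an elevated PowerShell session; a device where Smart App Control reports "Off" matches the article's point that only a reset or clean install brings the feature back.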
 

rain2reign

I didn't know this option existed till now. I forced the update yesterday through mounting the ISO, by downloading it from the official Microsoft webpage. The option was turned off for me by default, probably because I upgraded to Windows 11 from Windows 10 when it first became available. Bugged or never got activated?

However, according to Microsoft (source) that can only be reverted by doing a clean reinstallation, which is too much trouble for me at this moment.


That is the only way for those in the same situation as myself, currently.
 


silversurfer

In some cases, even after a clean install of Windows 11, it's possible that Smart App Control remains turned off automatically by Microsoft, for this reason:
We start in evaluation mode. This is a period during which Windows tries to determine if you're a good candidate for Smart App Control. If you are a good candidate for Smart App Control, then it will automatically be turned on. If not, it'll be turned off.
Essentially, we're looking to see if Smart App Control is going to get in your way too often. There are some legitimate tasks that some corporate users, developers, or others may do regularly that may not be a great experience with Smart App Control running. If we detect during evaluation mode that you're one of those users, we'll automatically turn Smart App Control off so you can work with fewer interruptions.
 

CyberTech

Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.

Windows login credentials are valuable to threat actors as they allow them to access internal corporate networks for data theft or ransomware attacks.

These passwords are commonly acquired through phishing attacks or by users saving their passwords in insecure applications, such as word processors, text editors, and spreadsheets.

In some cases, simply typing your password in a phishing login form, and not submitting it, is enough for it to be stolen by threat actors.

To combat this behavior, Microsoft introduced a new feature called 'Enhanced Phishing Protection' that warns users when they enter their Windows password on a website or enter it into an insecure application.

Full article
 

Ink

It's "Unsafe to store a password in Notepad", but safe enough to let your Clipboard history sync to the cloud which may contain sensitive data.

 