New Update Windows 11 22H2 Update: security improvements

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,136

Smart App Control​


Smart App Control is a new security feature that is designed to improve protection against untrusted applications.

Microsoft describes the feature in the following way:
Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools
Click to expand...

smart app control


Broken down to its core, Smart App Control blocks the execution of certain file types downloaded from the Internet and untrusted applications. It is a cloud-powered security service according to Microsoft. When Smart App Control determines that the app is safe,

Here is an overview of the different scan results of the security feature:
  • App is determined safe -- allowed to run on the Windows 11 PC.
  • App is determined to be malicious or potentially unwanted -- blocked from running on the PC.
  • Smart App Control can't predict either way:
    • if the app has a valid signature -- allowed to run on the Windows device.
    • if the app has no valid signature -- blocked from running on the PC.

When enabled Smart App Control runs in evaluation mode at first. Windows 11 uses the mode to determine whether Smart App Control should be enabled in full mode on the system. The execution of apps and files is not blocked in evaluation mode.

There is currently no option to allow the execution of an app that Smart App Control blocked on the system.

Smart App Control may be turned off by system administrators, but the turning off is permanent. There is no option to enable the security feature again after it has been turned off on the running system. The only available options, according to Microsoft, are to reset the PC or to clean install Windows 11.

Additionally, Smart App Control is only available on new Windows 11 2022 Update installations. Upgraded devices won't get the feature. A likely reason for that is that the feature may interfere with applications and files that are already on the Windows PC.

smart app control blocked
Click to expand...

Enhanced phishing protection​


Enhanced phishing protection is a new security feature that is integrated into the Windows 11 2022 Update. Windows 11 detects automatically when users enter the Windows account password into applications or websites, and checks whether the app or website has a secure trusted connection.

If that is not the case, Windows 11 informs users about the potential danger- Enhanced phishing protection works with Microsoft Account, Active Directory, Azure Active Directory and local passwords, any Chromium-based browser and applications.

phishing-protection.png



Whenever enhanced phishing protection detects unsafe usage of the Windows passwords, two things happen:
  1. The user is informed about the issue and gets the suggestion to change the account password immediately.
  2. The incident is reported to IT through the MDE portaIT through the MDE portal.
Enhanced Phishing Protection warns users about reuse of the Windows 11 account password next to that using a popup. Last but not least, Windows Security will warn users if they try to store the account password in a local app, such as Notepad.

The feature is part of SmartScreen.

Windows 11 administrators may configure it on the following way:
  1. Open Start > Settings, or use Windows-I to open the Settings app using the keyboard shortcut.
  2. Go to Privacy & Security > Windows Security.
  3. Activate the "Open Windows Security" button on the page.
  4. Open App & Browser Control.
  5. Select the "Reputation-based protection settings" link on the page that opens.
  6. The following options are listed under Phishing Protection:
    • Turn phishing protection on or off.
    • "Warn me about malicious apps and sites" (on by default).
    • "Warn me about password reuse" (off by default).
    • "Warn me about unsafe password storage" (off by default).
Additional information about the feature, including Enterprise policy options, is available on Microsoft's Tech Community website.
Click to expand...

Vulnerable driver protection​


Microsoft added two new protections that protect Windows 11 devices against driver attacks. Drivers, just like other software, may introduce security issues, which threat actors may exploit.

The Windows 11 2022 Update uses a new vulnerable driver block list to block certain drivers from being loaded by the operating system. Often, updated drivers are available, which administrators may install to add support for a device to the operating system.

The block list feature takes advantage of Windows Defender Application Control to block vulnerable driver versions from running on the Windows device.

The second protective feature is called Hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS). It is available on devices with Intel 8th generation or newer chipsets.

At its core, it ensures that only validated code may be executed in kernel mode. It achieves this by running kernel mode code integrity "inside the secure VBS environment instead of the main Windows kernel".

It protects against attacks that rely "on the ability to inject malicious code into the kernel" of the Windows operating system.

Credential Guard
Credential Guard is enabled on Windows 11 Enterprise systems. Microsoft notes that the feature increase protections from vulnerabilities "greatly" and that it prevents "the use of malicious exploits that attempt to defeat protections".
Click to expand...
www.ghacks.net

Windows 11 2022 Update: security improvements - gHacks Tech News

Here is an overview of security improvements and new security features of the Windows 11 2022 Update.
www.ghacks.net
 
  • Like
  • +Reputation
  • Applause
Reactions: Nevi, Sorrento, Venustus and 11 others
rain2reign

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
I didn't know this option existed till now. I forced the update yesterday through mounting the ISO, by downloading it from the official Microsoft webpage. The option was turned off for me by default, probably because I upgraded to Windows 11 from Windows 10 when it first became available. Bugged or never got activated?

However, according to Microsoft (source) that can only be reverted by doing a clean reinstallation. Which is too much trouble for me at this moment.
1663847938183.png


That is the only way for those in the same situation as myself, currently.
 
  • Like
  • Wow
Reactions: Idanox, Nevi, Sorrento and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,564
  • Like
  • Thanks
Reactions: Idanox, Nevi, Sorrento and 10 others
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,136
In some cases even after clean install Windows 11, it's possible that Smart App Control remains turned off automatically by Microsoft, for this reason:
We start in evaluation mode. This is a period during which Windows tries to determine if you're a good candidate for Smart App Control. If you are a good candidate for Smart App Control, then it will automatically be turned on. If not, it'll be turned off.
Click to expand...
Essentially, we're looking to see if Smart App Control is going to get in your way too often. There are some legitimate tasks that some corporate users, developers, or others may do regularly that may not be a great experience with Smart App Control running. If we detect during evaluation mode that you're one of those users, we'll automatically turn Smart App Control off so you can work with fewer interruptions.
Click to expand...

What is Smart App Control? - Microsoft Support

Smart App Control is a feature of Windows 11 that helps to block malicious, untrusted, or potentially unwanted apps from running on your device.
support.microsoft.com support.microsoft.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Idanox, Nevi, Venustus and 8 others
CyberTech

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.

Windows login credentials are valuable to threat actors as they allow them to access internal corporate networks for data theft or ransomware attacks.

These passwords are commonly acquired through phishing attacks or by users saving their passwords in insecure applications, such as word processors, text editors, and spreadsheets.

In some cases, simply typing your password in a phishing login form, and not submitting them, is enough for them to be stolen by threat actors.

To combat this behavior, Microsoft introduced a new feature called 'Enhanced Phishing Protection' that warns users when they enter their Windows password on a website or enter it into an insecure application.
Click to expand...

Full article
www.bleepingcomputer.com

Windows 11 now warns when typing your password in Notepad, websites

Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: silversurfer, Nevi, Sorrento and 5 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
It's "Unsafe to store a password in Notepad", but safe enough to let your Clipboard history sync to the cloud which may contain sensitive data.

windowsloop.com

How to Turn On or Off Clipboard Sync in Windows 11

Windows 11 has a clipboard sync feature to share it across computers. Here is how to turn on or off clipboard sync in Windows 11.
windowsloop.com windowsloop.com
 
  • Like
  • +Reputation
Reactions: oldschool, Gandalf_The_Grey, harlan4096 and 2 others
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,136

Microsoft is enhancing Windows 11's Enhanced Phishing Protection security feature​

Microsoft introduced the security feature Enhanced Phishing Protection in Windows 11 version 22H2 to better protect the Windows account password. The feature is now seeing improvements in the most recent Windows 11 Insider builds.

According to the changelog, Enhanced Phishing Protection functionality is now extended to copy and paste operations. Previously, it only kicked in if the user typed the password manually in unsafe contexts.

Enhanced Phishing Protection is a Microsoft Defender SmartScreen feature. Microsoft noted back then that the security feature works with different authentication systems, including Microsoft and local accounts, Active Directory and Azure Active Directory accounts. The protection is applied to any Chromium-based web browser and applications, according to Microsoft, and may also warn users about password reuse and unsafe password storage.
Click to expand...
www.ghacks.net

Microsoft is enhancing Windows 11's Enhanced Phishing Protection security feature - gHacks Tech News

Microsoft is testing an improved version of Windows 11's Enhanced Phishing Protection feature that adds a much-needed use-case to the protective feature.
www.ghacks.net
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, piquiteco, CyberTech and 7 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
  • Like
  • Sad
Reactions: Nevi, piquiteco and silversurfer
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,136
I guess not available yet because the OP article from ghacks mentioned "The most recent Windows 11 Insider build"

Unsafe password copy and paste warnings

Starting in Windows 11, version 22H2, Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. We are trying out a change starting with this build where users who have enabled warning options for Windows Security under App & browser control > Reputation-based protection > Phishing protection will see a UI warning on unsafe password copy and paste, just as they currently see when they type in their password.
Click to expand...
blogs.windows.com

Announcing Windows 11 Insider Preview Build 22621.2050 and 22631.2050

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 22621.2050 and Build 22631.2050 (KB5028256) to the Beta Channel. Build 22631.2050 = New features rolling out.
blogs.windows.com blogs.windows.com
 
  • Like
Reactions: Nevi, piquiteco, oldschool and 2 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
  • Like
  • Thanks
Reactions: Nevi, piquiteco, CyberTech and 2 others

Similar threads

vtqhtr413
    • Like
    • +Reputation
Hot Take First look at the new All Apps section of Windows 11 Start Menu
Replies
0
Views
230
Windows 11
vtqhtr413
vtqhtr413
vtqhtr413
    • Like
    • Thanks
    • +Reputation
New Update Windows 11 Moment 5 Update Available for Download
Replies
4
Views
737
Windows 11
LennyFox
L
Bot
Windows Photos begins previewing a Windows App SDK version to Windows Insiders
Replies
1
Views
115
Windows 11
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top