New Update Windows 11 24H2 and 25H2 get bit new updates with new feautres and fixes in KB5074105

[micasayyo]

Navigate in reg editor to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy

Change the value date from 0 to 1 of
VerifiedAndReputablePolicyState

Restart

Thanks, enabled. Regards

 

[rashmi]

WHHL is more protective.
WDAC will block the same executables blocked by SAC.
Hardening (including SRP) will block all file types blocked by SAC, and even more, with the advantage that it cannot be bypassed by removing MoTW (manaully, by malware, or by usb memory transfer).

Damn, WHHL and fans are a bit too loud... Hard Configurator and fans just quietly and humorously dominate the scene!

 

[Parkinsond]

Hard Configurator

Too much work for me; I prefer the easy way (WHHL)

 

[lokamoka820]

Navigate in reg editor to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy

Change the value date from 0 to 1 of
VerifiedAndReputablePolicyState

Restart

Why do we need to tamper with the system registry even after the update?

 

[Parkinsond]

Why do we need to tamper with the system registry even after the update?

Still greyed after update; according to @Jonny Quest , it is because I have optional data sent disabled during W install.

 

[Andy Ful]

Navigate in reg editor to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy

Change the value date from 0 to 1 of
VerifiedAndReputablePolicyState

Restart

In my case, I had to set two values:
VerifiedAndReputableIgnoreAutoOptOut ---> 1
VerifiedAndReputablePolicyState ---> 1

Even after the update, I still cannot set SAC ON via Security Center. But I like this behavior over the expected one.
I have enabled sending the optional diagnostic data:

 

[Parkinsond]

Even after the update, I still cannot set SAC ON via Security Center

Me too; I thought, after update, it will be enabled and disabled from the security center without tinkering with registry editor.
Anyway, I haved disabled it again and back to WHHL.