In case you have not seen the news yet, Windows 11 22H2 is set to be released later this year, most likely in October 2022. The new Windows 11 22H2 release will be the first significant update to Windows 11 since it was released in October of 2021. You can think of Windows 11 22H2 as an SP1 of sorts for Windows 11. An interesting new feature that caught my eye with Windows 11 22H2, called Smart App Control, may help to be a game-changer for ransomware protection in the enterprise, especially for organizations that may not have an existing next-generation application whitelisting, etc. Let’s take a look at Smart App Control Windows 11 22H2, what it is, how it works, and an interesting limitation at least with this first release.
What is Smart App Control?
To begin with, what is Smart App Control? Smart App Control is a new security feature found in Windows 11 22H2 that provides significant protection against malicious applications, such as ransomware. It also covers the gamut of security functionality with applications since it adds protection from:
- Potentially unwanted applications
How does Smart App Control work?
The new Smart App Control uses Microsoft’s intelligent cloud-powered security solution that uses artificial intelligence (AI) and machine learning (ML), among other things, to determine the safety of an application, its intent, etc. If it is deemed to be a safe application, it will allow the program or application to run. If the program is malicious or PUA, it will be blocked.
What happens if Smart App Control is unable to make a determination about the application? It will then check the signature of the application to see if it is valid. Smart App Control will allow the program to run if the signature is valid. Conversely, it will block the application if the app is unsigned or has an invalid signature.
Smart App Control Modes
The Smart App Control in Windows 11 22H2 has three modes of operation:
The Evaluation Mode is the mode of operation for Smart App Control when you first install Windows 11 22H2. In this particular mode, Windows will be in a monitor mode of sorts, evaluating whether your Windows installation is a good candidate to have Smart App Control running.
As you would expect, in this mode, it won’t block any applications from running. Evaluation mode can only be run once after you install Windows. Once it is complete or you manually switch Smart App Control to On, you cannot return to evaluation mode unless you reinstall or reset Windows.
What is the Smart App Control in Windows 11 22H2 looking for in evaluation mode? When Smart App Control is in evaluation mode, Microsoft is looking to see if your machine is a good candidate for Smart App Control. They make mention they are “looking to see if Smart App Control is going to get in your way too often.” They don’t elaborate on what exactly that means from a technical perspective. However, we can assume it means they think Smart App Control will be blocking way too many application instances on your workstation for legitimate applications possibly.
You can still go ahead and turn on Smart App Control manually, but Microsoft recommends performing the evaluation first and then turn it to On.
In the On mode, Smart App Control is protecting your workstation using Microsoft’s cloud AI security profiling to determine if an application is safe or not. If it spots a malicious or untrusted app it will block it to protect your device.
Smart App Control is not on and is not protecting your workstation.
***NOTE*** If you turn Smart App Control off, you cannot turn it back on unless you reinstall Windows. So, don’t change this setting without thinking through the consequences.
How do you configure Smart App Control?
In a new installation of Windows 11 22H2, navigate to Settings > Privacy and Security > Windows Security > App & browser control > Smart App Control.
Once you navigate to Smart App Control, click the Smart App Control settings.
The Smart App control settings are fairly simplistic. Again, you only have three settings here: On, Evaluation, and Off. As mentioned earlier, these settings are not to be changed haphazardly. Changing from On or Evaluation to Off means you can’t turn it back on without reinstalling Windows! So be warned.
Smart App Control bypass for specific apps and other features?
Can you bypass Smart App Control for a specific application that may be getting blocked by Smart App Control? No, you cannot. At least with this implementation of Smart App Control, Microsoft says that you either allow it to block any unsigned app and other apps that may be deemed as unwanted, or you will need to turn it off. Unfortunately, this may be a deal-breaker in the enterprise as customers will want/need to have more control over which apps are allowed or blocked.
Microsoft also does not tout Smart App Control as a replacement for antivirus software. It is meant to work alongside other security software like Microsoft Defender.
Smart App Control FAQs
- What is Smart App Control Windows 11 22H2? Smart App Control is a new security feature of Windows 11 22H2 that screens all applications and programs for malicious, unwanted, or otherwise undesirable behavior. It also allows or blocks apps based on a valid signature for the application. It uses Microsoft’s cloud security service with artificial intelligence and machine learning to allow or block apps.
- Does it replace antivirus? The official answer from Microsoft is no it does not. They still recommend using an antivirus program like Microsoft Defender. Smart Access Control is meant to work with an AV program and not replace it.
- Can you allow specific apps through Smart App Control? No, you can’t. There is no interface or means to allow specific applications. It is either on or off.
- Can you turn Smart App Control off and then back on? No, you cannot. Smart App Control can only be turned on once. If it is turned off after it has been flagged to On, you have to reinstall Windows to have the option to turn it on again.
Smart App Control Overview Video
Final Thoughts and impressions of Smart App Control
Smart App Control Windows 11 22H2 is an interesting new feature of the upcoming Windows 11 22H2. It provides a more robust application security platform to help block malicious, unwanted, or nefarious applications. However, it has some limitations that I think will be a deal-breaker in the enterprise. Notably, it can only be flagged on with clean installs of Windows 11 22H2. Although I have not tested this, Microsoft mentions upgrades will not allow Smart App Control with upgrades.
In addition, there is no way to allow specific apps. In other words, it is all or nothing with Smart App Control. Most businesses I know have custom applications that may not be signed or have other behavior that may result in a false positive. Not having a way to allow these will most likely mean IT admins won’t be able to use Smart App Control across the board. It will be interesting to see how Smart App Control Windows 11 matures and if these capabilities are added in a later update.