Smart App Control: A security feature introduced in Windows 11 22H2 to prevent dangerous apps like ransomware or spyware from running on the system.
Operation:
- When launching an app, Windows checks a cloud database for information.
- If the app is known to be safe, it runs normally.
- If considered unsafe or malicious, Windows prevents it from running.
- If offline or not in the database, app signatures are used for validation.
Benefits:
- Helps prevent ransomware and potentially unwanted programs.
- Easy to use through system settings.
- Three modes: On, Off, and Evaluation.
Downsides:
- Only available on a clean Windows installation to ensure safety.
- There is no override option, potentially blocking trusted older apps.
Recommendation:
- Smart App Control enhances security but needs a whitelist option to address limitations.
Settings to block potentially unwanted Apps (PUA) using Settings Catalog in Microsoft Endpoint Manager.
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-82-1024x335.png)
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-83.png)
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-86-1024x514.png)
End user Side
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-87-1024x666.png)
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-88-1024x552.png)
After Applying the Policy
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-92.png)
![](https://www.azure365pro.com/wp-content/uploads/2022/07/image-93.png)