Back in March, Microsoft added a Smart App Control feature to Windows 11 previews for the 22H2 build. As we get closer to the full end-user launch of Windows 11 22H2, Microsoft is now expanding the capabilities of the feature. Specifically, the tool will now block malware across a wider range of file formats.
Smart App Control (SAC) is a new security ability that blocks apps that are potentially dangerous or untrusted for another reason. It is available through Windows Security in the App & Browser Control menu.
SAC is off by default, so you will need to enable it. Furthermore, it only works on devices that have a clean install, and that Windows 11 preview build 22567 or newer. That means it will not work unless you re-install or reset Windows.
In an update for the feature, Microsoft’s David Weston took to Twitter to say Smart App Control now blocks more file types:
“Windows 11 with smart app control blocks iso and Ink files that have the mark of the web just like Macros.”
This basically means Smart App Control will now block dangerous Ink and ISO files. Those formats now sit alongside other file types the service blocks: is .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs, .wsf files. Even IMG, VHD, and VHDX files (via BleepingComputer).
It is worth noting SAC does not just block these files. It simply prevents them from opening automatically, giving users the choice if they want to take the risk. It is worth noting Microsoft does not currently list all formats of the tool blocks. According to the company, a full list will be given close to full release.
Tip of the day: Windows now has a package manager similar to Linux called “Winget”. In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.