With Windows 11 22H2, Microsoft introduced a new component to its security suite, aiming to prevent malicious applications, dubbed Smart App Control (SAC). This feature complements Microsoft Defender, blocking untrusted or unknown code from executing on a proactive basis. Now, in an updated blog post pushing the feature, Microsoft claims a performance boost compared to traditional AV solutions, though small print indicates you will require a fresh Windows installation to use this feature.
Traditional antivirus software, such as Microsoft Defender, adopts an “Innocent until proven guilty” approach. These solutions are largely reactive, trusting programs until their behavior triggers an alert. Microsoft Defender employs signature-based detection, behavioral checks (heuristics), and cloud protection to prevent malicious software on your system. When faced with novel (zero-day) malware or polymorphic threats, which can bypass signature checks, Defender falls back to heuristics, observing the malware’s actions until it detects suspicious behavior.
Here’s where Smart App Control enters the fray, employing a proactive methodology, operating on the principle of “Guilty until proven innocent.” It assesses the application’s security by vetting it against Microsoft’s Intelligence Security Graph (a cloud-based reputation service). If this test is inconclusive, it attempts to validate the application’s digital signature, to ensure its origin from a trusted developer. The application is blocked by Windows Security if it is predicted to be malicious in the first check or unsigned in the second check.
You may like
(Image credit: Tom’s Hardware)
Essentially, SAC bypasses traditional behavioral checks by ensuring only verified applications can run on your system. Although Microsoft claims Smart App Control offers a performance boost over traditional antivirus solutions, it is designed to operate in parallel with Windows Defender. Unlike Windows Defender, if SAC deems a program malicious, it cannot be flagged as a false positive or whitelisted. As such, SAC is likely to be a poor fit for enthusiasts or developers, better serving enterprise systems or individuals who aren’t as tech-savvy.
To prevent such conflicts, Microsoft runs Smart App Control through an evaluation phase to determine if this feature would hinder your day-to-day activities. This is a one-way street: if SAC is deemed unsuitable for your system, it will be disabled and can only be re-enabled by reinstalling Windows. Likewise, if you decide to turn it off yourself, you won’t be able to simply switch it back on.
Follow Tom’s Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
