App Control Made Smarter

How I wish I could decide whether the apps that I am executing are safe, malicious, or from an untrusted source. Well, Microsoft has heard my wish, I guess. They have come up with a feature called “Smart App Control” which does just that. However, this feature is available only on clean installations of the Windows 11 22H2 update. That said, let us hope they will roll it out for other versions of Windows that have active support.

Want to know more? Read on.

What is a Signed App?

Developers sign their apps to identify the app author. This helps developers update their app without any need for complicated permissions. Read more in this blog post.

Can malicious or untrusted apps be signed?

One would hope not, but the fact is yes. Threat actors can use stolen signatures or create a legitimate signature for their malicious app. This would then bypass any signature validations. Read more in this blog post.

What is Smart App Control (SAC)?

SAC is a security feature from Microsoft that is designed to block malicious, unsigned, or untrusted apps from executing on your computer. Apart from this, it also blocks potentially unwanted applications (PUA) from executing, which could slow down your computer’s performance, threaten the system’s security, or do things that are not expected.

If SAC is not able to make a decision about an app, the app is allowed to execute only if it has a valid signature. The app is stopped from executing if it has an invalid signature or no signature.

Can threat actors bypass SAC validations?

As of this writing, SAC is considered foolproof. The Smart App Control feature offers significant protection from new threats, and when it is used alongside Microsoft or third-party antivirus, you get to enjoy a very safe experience.

However, there is still a hitch. SAC will approve an app if it has a valid signature. So, if threat actors use stolen signatures, create a legitimate one, or ship a PUA with a digitally valid signature, SAC may approve the app based on the certificate’s legitimacy or if the signature can bypass its trusted AI model. How Microsoft will handle this remains to be seen.
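The following PowerShell script is an added example, not code from this post or from Microsoft. It audits a folder against the fallback rule described above (a valid signature runs, an invalid or missing one is blocked) and lists validly signed files by signer, since a valid signature alone does not show that an app is safe. The `$Path` default and the registry value used to read the SAC state are assumptions that do not come from the post, and the script does not query SAC's reputation service.

```powershell
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumed folder to audit
)

# SAC state as stored in the registry (assumption, not from the post):
# 0 = Off, 1 = On, 2 = Evaluation.
$ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
$state = (Get-ItemProperty -Path $ciKey -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
$names = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }
$stateName = if ($null -ne $state -and $names.ContainsKey([int]$state)) { $names[[int]$state] } else { 'Unknown' }
Write-Host "Smart App Control state: $stateName"

# Check the Authenticode signature of every executable file under $Path.
$results = Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File       = $_.FullName
            Status     = $sig.Status                        # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer     = $sig.SignerCertificate.Subject     # empty when the file is unsigned
            Thumbprint = $sig.SignerCertificate.Thumbprint
            # Fallback rule from the text: only a valid signature is allowed to run.
            Fallback   = if ($sig.Status -eq 'Valid') { 'Allowed on signature alone' } else { 'Blocked' }
        }
    }

# Files the fallback rule would stop: unsigned, tampered or untrusted signatures.
Write-Host "`nBlocked under the fallback rule:"
$results | Where-Object Fallback -eq 'Blocked' | Format-Table File, Status -AutoSize

# Validly signed files grouped by signer, rarest first. A signer that appears
# once or is unfamiliar deserves a manual look, because a stolen or
# attacker-obtained certificate still reports Status = Valid.
Write-Host "Validly signed files by signer (review unfamiliar names):"
$results | Where-Object Status -eq 'Valid' |
    Group-Object Signer | Sort-Object Count |
    Select-Object Count, Name | Format-Table -AutoSize
```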

Overall, this is a good feature from Microsoft for Windows 11 users to enjoy a safe digital experience. This feature can be disabled, albeit at your own risk, and to re-enable it, as of now, one has to do a clean install of Windows 11.
