Windows 11’s newest security feature comes with a sting in the tail: if you’ve upgraded to the newest version of Microsoft’s operating system, rather than bought a new PC with it installed, you’ll need to reset it if you want Smart App Control. The news broke in a blog post (opens in new tab) from David Weston, vice president of OS security and enterprise at Microsoft, subsequently reported on by PCWorld (opens in new tab).
“In a future release of Windows 11 you’re going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software,” writes Weston in his post, which sounds fine, as enhanced security was one of the reasons we have Windows 11 in the first place.
One of these major enhancements is Smart App Control, which appeared in a recent Windows 11 insider build, and blocks malicious, untrusted and potentially unwanted apps. The first set are flagged by Microsoft, but the ‘smart’ part of the system kicks in for the others, taking into account digital signatures, app usage, and Microsoft's cloud-based security service. There doesn’t seem to be a way of whitelisting apps, or unblocking them in any way once they’re blocked.
It also acts in a new and strange way, according to German news site Ghacks (opens in new tab). Once installed, Smart App Control enters evaluation mode, learning whether it can assist you but not blocking anything, until it automatically turns on. It can be manually turned on or off from the Windows Security app. The strange thing is that, if turned off, it cannot be turned back on without a full reset of the PC and a clean install of Windows 11.
The need for a clean installation if you want Smart App Control on your existing Windows 11 PC is detailed in Weston’s blog post: “Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature,” he writes.
Microsoft’s security splurge is dressed in the language of hybrid working and zero trust, as the Redmond software giant attempts to push its Pluton platform. Smart App Control, and the promotion of Microsoft SmartScreen to a part of the OS instead of a security app, is part of a drive to protect critical business machines used at home from phishing, ransomware, and other unwanted nasties, and it’s up to company IT departments to decide whether to deploy it. Home users with Microsoft Defender switched on are unlikely to need it urgently, so the need for a clean install, while annoying, might not affect many users after all.