Windows 11 Gets New Security Tool

John Lister's picture

Microsoft is trying a new tool designed to block suspicious applications without frustrating users. Windows can decide for itself whether running Smart App Control causes more trouble than it's worth.

The feature is being tested among users on the Windows 11 Dev Channel, meaning people who want the earliest possible access to potential new features, knowing there's a higher risk of bugs and problems.

Smart App Control brings together several security tools already present in Windows Defender and turns them into an all-or-nothing measure. When Smart App Control blocks an application, it cannot run and there's no way to manually override the block for individual applications. (Source:

Multiple App Types Blocked

The feature blocks three types of applications. The first are malicious applications, which appear to be classified as such based on their activities. Apps which delete files without the user's permission or harvest data would fall into this category.

The second category is untrusted applications. This is based on a combination of whether the app has a trusted digital signature (reducing the chances that a user has been scammed into installing it) and whether the user actively opens and runs the application regularly.

The final category is potentially unwanted apps. These often do little but display unwanted ads (consuming computer resources in the process) and often get installed at the same time as legitimate applications because the user missed a checkbox to say no to the "offer".

Evaluation Mode

At the moment, it appears the feature will only be included in new installations of Windows. Unusually, it won't run straight away, but will instead operate in an automated evaluation mode. Microsoft hasn't explained the process fully, but Windows will use this time to decide if the user's activity pattern and app installations mean Smart App Control will be too disruptive.

At the end of the evaluation process, Windows will either switch on Smart App Control for real or disable it. Users can then manually decide whether or not to have the feature switched on. (Source:

The fact that users can't use whitelisting to override the block on a specific application means it certainly won't be useful for everyone, and many will find that third-party security tools offer more useful protection. However, it could be a useful fallback by Microsoft for users who pay no attention whatsoever to security and are more likely to install shady software without thinking about the consequences.

What's Your Opinion?

Does this feature sound useful? Is the evaluation period a smart idea? Should Microsoft let users override it for specific applications they know to be legitimate?



Dennis Faas's picture

With no way to shut this feature off, I can foresee a lot of false positives. I've already got issues with the Windows Defender SmartScreen feature that (for no apparent reason) randomly blocks the program I use to connect to clients using remote desktop.

Chief's picture

Pretty soon the computer will get so smart, it will turn the user off!

"I'm sorry, Dave. I can't do that."