Keeping out the bad applications

Topic

New Reply

ON SECURITY By Susan Bradley Both Microsoft and Apple are trying to tackle an ongoing problem that plagues us — keeping our systems secure and protect
[See the full post at: Keeping out the bad applications]

Susan Bradley Patch Lady/Prudent patcher

7 users thanked author for this post.

Norio, TechTango, genej101, Casey S, windbg, lmacri, geekdom

Reply | Quote

Replies

The part about ‘Smart App Control’ implies more or less it’s about installing apps. When I read the article about Smart App Control, it’s about running apps.

Off-topic – the first paragraph, second sentence on ‘What is Smart App Control?’ pretty much defines Windows 🙂

Reply | Quote

The MS support article What is Smart App Control? mentioned in Simon_Weel’s post # 2482224 claims that when Microsoft turns on Smart App Control (SAC) that it starts in evaluation mode. During the evaluation period SAC won’t block anything it thinks is “untrusted” but will monitor your system to see what third-party software is running on your system and determine if you’re a good candidate for SAC. If you are a good candidate for SAC then it will be automatically turned on, but if you are not a good candidate it will be automatically turned off.

Microsoft also recommends that users should not turn on Smart App Control themselves. From that support article:

Can I Turn Smart App Control on Manually?

Yes, if it’s available for your device, but we recommend you let evaluation mode do its job and determine if you’re a good candidate for Smart App Control.

Can anyone with a Win 11 OS confirm that Smart App Control (SAC) actually starts in evaluation mode if it’s turned on by Microsoft (e.g., after a clean reinstall of Win 11 v22H2)? Earnesto2 posted <here> in the Dell community on 24-Sep-2022 that they manually enabled SAC on their new Win 11 Dell computer and Dell SupportAssist (which they incorrectly referred to as “Dell Smart Assist” a few times in that post) was blocked by SAC because SupportAssist was not properly signed. I told them if they had left SAC in evaluation mode it might have turned itself off once SAC had monitored their system for a while, but I’m not sure that’s actually correct now.

At this point I’m unclear if Dell is shipping new Win 11 v22H2 computers with SAC deliberately turned off because of all the Dell bloatware they install at the factory, or if new Dell computers ship with SAC in “evaluation mode”.
—————
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.1 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 * Dell SupportAssist v3.11.4.29 * Dell Update Windows Universal v4.6.0

1 user thanked author for this post.

windbg

Reply | Quote

lmacri wrote:

Can anyone with a Win 11 OS confirm that Smart App Control (SAC) actually starts in evaluation mode if it’s turned on by Microsoft (e.g., after a clean reinstall of Win 11 v22H2)?

Mine is upgraded, not clean installed, and Smart App Control looks like this:

I intend to leave it like that.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

lmacri

Reply | Quote

Hi bbearen:

Thanks for the screenshot, but that looks odd to me.  I would have expected one of the three options (On, Evaluation, Off) to be selected by default on a Win 11 v22H2 OS.
————
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.1 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979

Reply | Quote

No button selected shows the same on my computer, too. I’m not selecting any button as it seems to be a one-way trip.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I honestly don’t foresee that any business systems – unless they are kiosk type/ATM – that are good candidates for Smart App Control.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

“The certificate confirms the legitimacy of the app, and thus Windows assumes the app is safe.”

The basic problem is, code-signing certificates mean nothing.

https://www.theregister.com/2018/06/26/digitally_signed_malware/

https://www.securityweek.com/use-fake-code-signing-certificates-malware-surges

https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/supply-chain-malware?view=o365-worldwide

The near-term anti-malware solutions, I believe, will lead to blocking/warnings on files that haven’t been seen before, and/or haven’t built a reputation for being widespread and safe.    Ultimately, it’s the “block at first site” approach.

2 users thanked author for this post.

rc primak, windbg

Reply | Quote

Smart App Control is the first step towards Windows becoming all S-Mode, all the time, for everyone.

I cannot imagine any scenario in which I would want this feature on any of my devices.

All it will do is to block installation and use of third-party freeware which has fewer than a threshold number of active users.

And send those who use third party software into the Microsoft Store to find paid subscription services and paid apps sanctioned by Microsoft to do the same tasks.

If I wanted Windows S I would have bought a Windows S device.

-- rc primak

3 users thanked author for this post.

Alex5723, windbg, PKCano

Reply | Quote

I got a call today on an iPhone from “unknown caller” with NO phone number. No way to block that from recents. I don’t want to use the block unknown callers feature in settings as I do get calls returned from places I use, doctors, businesses, Apple even, when someone calls me back from their own extension – I don’t want those silenced. So, is there any way you know of to block just ones like the one I described? Thanks, Susan. :^)

Reply | Quote

How to Block Unknown Numbers on iPhone (techjunkie.com)  Do you have a third party blocking application?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

lmacri wrote:

I would have expected one of the three options (On, Evaluation, Off) to be selected by default on a Win 11 v22H2 OS.

Perhaps for a clean install.  I never do clean installations, only upgrade my existing version.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Microsoft added in Win 11 Passwords protection /warning

Enhanced phishing protection in Microsoft Defender
Smartscreen can detect and warn you when you’re entering your password into a known compromised app or website. It also promotes good credential hygiene by warning users when they try to re-use passwords or store them in an unsafe location such as a text file. This goes beyond browser-based protection to build advanced phishing protection into the operating system itself, empowering users to take proactive action before passwords can be used against them or their organization. IT admins can customize alerts using a mobile device management (MDM) solution like Microsoft Intune..

Settings – Privacy and Security – Windows Security – App & browser control – Reputation-based protection settings. Enable the ‘Warn me about password reuse and Warn me about unsafe password storage settings’

Reply | Quote