Newest Windows 11 security feature The latest Windows 11 security feature has a catch: if you upgraded to the latest version of Microsoft’s operating system, rather than buying a new PC with it installed, you’ll need to reset it if you want Smart App Control.Requires full reset The news came in a blog post by David Weston, vice president of OS security and enterprise at Microsoft, then reported by PCWorld
“In a future release of Windows 11, you’re going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software,” Weston writes in his post, which sounds fine, since enhanced security was one of the reasons we got Windows 11 in the first place.
One of these major improvements is Smart App Control, which appeared in a recent Windows 11 insider build, and blocks malicious, untrusted and potentially unwanted apps. The first set is flagged by Microsoft, but the “smart” part of the system kicks in for the others, taking into account digital signatures, app usage and Microsoft’s cloud-based security service. There seems to be no way to whitelist apps or otherwise unblock them once they are blocked.
The program also works in a new and strange way, according to the German news site Ghacks . Once installed, Smart App Control goes into evaluation mode, learning if it can help you but not blocking anything, until it is automatically enabled. It can be turned on or off manually from the Windows Security app. The strange thing is that if it is turned off, it cannot be turned back on without a full reset of the PC and a clean install of Windows 11.
The need for a clean install if you want Smart App Control on your existing Windows 11 PC is detailed in Weston’s blog post: “Devices with previous versions of Windows 11 will need to be reset and have a clean install of Windows 11 to take advantage of this feature,” he writes.
Smart App Control, and the promotion of Microsoft SmartScreen to a part of the OS rather than a security app, is part of an effort to protect mission-critical machines used at home from phishing, ransomware and other unwanted harm. It’s up to companies’ IT departments to decide if they want to implement it. Home users with Microsoft Defender enabled are unlikely to need it urgently, so the need for a clean install, while annoying, may not affect many users anyway.