Smart App Control Can Now Block More File Types on Windows 11

Microsoft has unveiled some security enhancements for the Smart App Control feature in Windows 11. David Weston, Microsoft’s VP for Enterprise and OS Security, announced yesterday that Smart App Control has been updated to support more malicious file types, including ISO and LNK files.

Microsoft started testing the Smart App Control feature with Insiders in Windows 11 build 22567 in March. It enables users to automatically block potentially untrusted or malicious applications from running on Windows 11 devices. The feature uses AI and code signing to intelligently predict malicious behavior that could cause the device to run slowly, show ads, and install bloatware.

In addition to ISO and LNK, Bleeping Computer notes that Smart App Control can block the execution of several other file extensions. These include IMG, VDH, VHDX, .appref-ms, BAT, CMD, CHM, CPL, JS, JSE, MSC, MSP, REG, VBE, VBS, and WSF files.

Once blocked, Windows 11 users will see the following message on the screen: “Smart app Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous.”

Windows 11’s Smart App Control update boosts protections against phishing campaigns

Microsoft has yet to provide details about file types that are blocked by Smart App Control on Windows 11. On Twitter, Microsoft’s Jeffery Sutherland said that a full list of all restricted file extensions will be published soon.

Yes we plan to document the blocked extension list and will be posting that topic a bit closer to general availability for the release. We also will be updating the “Signed and Reputable” template in the WDAC wizard to match the Smart App Control WDAC XML

— Jeffrey Sutherland (@j3ffr3y1974) August 2, 2022

It is important to note that this move comes shortly after Microsoft blocked VBA macros by default in Office apps. It helped to significantly decrease the number of macros-enabled attacks during the past few months. However, threat actors have started using other file types in phishing campaigns, such as ISO, RAR, and Windows Shortcut (LNK) files.

Overall, it’s great to see that Microsoft is introducing new security capabilities to protect Windows 11 users from ransomware campaigns and other threats. The Smart App Control feature is expected to become generally available in Windows 11 version 22H2 later this year.