Windows 11 has a silent feature that you can’t undo

Topic

New Reply

PUBLIC DEFENDER By Brian Livingston The latest version of Microsoft’s much-maligned Windows 11 silently runs in the background a new security app that
[See the full post at: Windows 11 has a silent feature that you can’t undo]

5 users thanked author for this post.

wEarwOlf505cole, lmacri, oldfry, rc primak, Fred

Reply | Quote

Replies

B. Livingston wrote:

Windows 11 has a silent feature that you can’t undo

This is a very misleading headline, contradicted in the seventh paragraph:

If SAC interferes with your work, you can manually disable it.

As mentioned in the second paragraph, switching it OFF is what you can’t undo, without a clean installation or Reset PC.

(But it can’t be enabled in the first place without a clean installation anyway.)

Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge

Reply | Quote

What Brian means is, once you turn it off, you can’t turn it on again, and if you choose not to install it with a fresh install of Win 11 22H2 you can’t turn it on later.

Seems pretty straightforward to me, and not at all misleading. But it can be misread.

-- rc primak

Reply | Quote

rc primak wrote:

What Brian means is, once you turn it off, you can’t turn it on again,

He said that, but the headline does not.

Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge

Reply | Quote

There is currently no way to create an “exception list” that would enable you to run known-good software on a given machine. One developer, Grant Shirreffs, wrote on Microsoft’s Tech Community forum on October 2 that SAC won’t even run some of Redmond’s own code:

I think this snippet pretty much summarizes the current state of Smart App Control.

I regularly turn off Microsoft’s Smart Screen Filtering for the same reason: It does not do a good job of handling “exceptions”. E.G., any utility which operates at the lowest system levels. I’ve had NirSoft Utilities and a number of other useful third party maintenance and repair utilities fail to pass the Smart Screen Filter tests.

It looks like this new feature is even stricter and would cause even more problems for power users. It needs to add an exceptions list, but for some of us that list would be so lengthy that this feature would be as much of a pain to use as the Ransomware Protection provided by Windows Defender’s Protected Folders Feature. Which, by the way, most home users should have enabled.

Yet another high-minded security concept by Microsoft wrecked for power-users by ham-handed implementation.

This is also why I never use any company’s “browser shields” or “secure browsers”. They offer no intelligence at all in adapting to more sophisticated users’ habits and preferences. We know the risks, so we don’t need all the “protections” most home users so desperately need.

Some other time (in another conversation), can we discuss the Windows 11 Windows Defender Protected Memory feature of MS Core Isolation, and how it can’t be implemented if you’re using Logitech drivers?

-- rc primak

3 users thanked author for this post.

wavy, Cybertooth, NaNoNyMouse

Reply | Quote

rc primak wrote:

Yet another high-minded security concept by Microsoft wrecked for power-users by ham-handed implementation.

Or another iteration of Microsoft’s ‘our way or the highway’ methodology for squeezing out third-party tools that look under the bonnet or circumvent Windows’ increasing restrictions on easily changing its use to your own preferences.

6 users thanked author for this post.

rc primak, wavy, Cybertooth, oldfry, Alex5723, NaNoNyMouse

Reply | Quote

Rick Corbett wrote:

Microsoft’s ‘our way or the highway’ methodology for squeezing out third-party tools

When a developer creates an app, they are encouraged to “sign” the app using a digital certificate that verifies their identity, that the app is really published by them, and that the app hasn’t been tampered with by somebody else after the developer published it. You can think of it a bit like a painter signing a piece of art, except harder to fake.

Signing is one part of what can make an app trusted or untrusted. The other part is experience. Our intelligent cloud-powered security service sees a huge number of apps every day and uses that knowledge to predict if an app is safe or not safe — even apps we’ve never seen before. However, in some cases, the service is unable to make a confident prediction either way.

If the security service can’t make a confident prediction about the app, and the app doesn’t have a valid signature, it’s considered untrusted.
…
I’m an app developer, how can I get Smart App Control to not block my app?

The simple answer is, sign your app with a valid certificate.

What is Smart App Control? (and FAQ)

Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge

1 user thanked author for this post.

rc primak

Reply | Quote

B. Livingston wrote:

The latest version of Microsoft’s much-maligned Windows 11 silently runs in the background a new security app …

In my case it is Off (I only upgrade, no clean installs) and I am well pleased with that result, since even Microsoft can’t turn it On without a clean install.  I don’t need or want it.  The handful of tools I use have been installed since Windows 7 Ultimate and have been brought along with every upgrade.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

rc primak

Reply | Quote