Windows 11’s Smart App Control now blocks more types of files used to push malware

Arif Bacchus

Windows 11 Laptop Background

Microsoft has been testing a feature in Windows 11, 22H2 with Windows Insiders known as Smart App Control. What it does is block apps that are deemed malicious or prevent untrusted and other unwanted apps or files from running by checking them against Microsoft’s intelligent cloud-powered security services.

The feature is available on new Windows 11 installs only, and you can’t turn it on unless you re-install or reset Windows. Recently, though, Microsoft’s David Weston shared some updates on Smart App Control, saying it blocks more file types that could be dangerous.

More specifically, Smart App Control can now block ISO and Ink files which can be dangerous as they typically have malware embedded. Noted by Bleeping Computer, also blocked is .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs, .wsf files. Even IMG, VHD, and VHDX files are stopped from opening automatically. Microsoft, though, does not currently describe these types of files and which file types are blocked by Smart App Control in their support document. The company says that they’ll document the blocked extension list a bit closer to general availability for release.

If you’ve been brave enough to reset your Windows 11 PC to try Smart App Control, then the feature will first work in evaluation mode, where it scans to see if you’re a good candidate for Smart App Control. If your system passes the tests, then Smart App Control will be turned on, and if not, it will be turned off. You should then see prompts from Smart App Control about suspicious apps or files, like the one above.