Windows 11 Smart App Control gets a whole lot better at blocking potential malware

Microsoft recently had a pretty toxic relationship with Office Macros. The saga consisted of first blocking, then unblocking, and finally re-blocking the potentially harmful feature in Office. However, threat actors have not been idle, and their newer tactics, techniques, and procedures (TTPs) include placing malware in ISO, LNK, and RAR files, among others.

David Weston, Vice President of Enterprise and OS Security at Microsoft, took to Twitter yesterday to announce that the company has improved the blocking capabilities of the Smart App Control (SAC) utility in Windows 11. He stated that SAC can now also block ISO and LNK files that carry the mark of the web (MOTW).

Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros. https://t.co/mfFCQMv6uf

— David Weston (DWIZZZLE) (@dwizzzleMSFT) August 2, 2022

However, SAC is actually capable of much more, as security researcher Will Dormann found out. Alongside ISO and LNK, Smart App Control can now also block IMG, VHD and VHDX file types.

Yeah, IMG is also protected. As are VHD and VHDX files. pic.twitter.com/upbkkArFeZ

— Will Dormann (@wdormann) August 2, 2022

And the list keeps growing as BleepingComputer notes that the following file types are also blocked:

  • .appref-ms
  • .bat
  • .cmd
  • .chm
  • .cpl
  • .js
  • .jse
  • .msc
  • .msp
  • .reg
  • .vbe
  • .vbs
  • .wsf

Not every potentially dangerous file type is on the blocklist though, at least not yet: Dormann noticed that the .diagcab file type, which was recently used in the MSDT "DogWalk" vulnerability, stays unblocked.

However, .diagcab files (e.g. used by "DogWalk") are NOT blocked.
It would be nice to know a definitive list of what's blocked. pic.twitter.com/Jy5OoNaA0a

— Will Dormann (@wdormann) August 3, 2022

When asked about the matter, Microsoft's Jeffrey Sutherland says that a full list of all restricted file extensions will be made available soon.

Yes we plan to document the blocked extension list and will be posting that topic a bit closer to general availability for the release. We also will be updating the “Signed and Reputable” template in the WDAC wizard to match the Smart App Control WDAC XML

— Jeffrey Sutherland (@j3ffr3y1974) August 2, 2022

For now, Smart App Control is available to Windows 11 22H2 Insiders who are running new installs.
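For triage, the extensions reported above can be checked against a file's Zone.Identifier alternate data stream, which is where MOTW is stored on NTFS. This is an added example, not code from Microsoft or the researchers quoted; the verdict names, the zone threshold and the sample stream are assumptions made here, and it does not reproduce Smart App Control's own decision logic.

```python
import configparser
import os
import sys

# Extensions the article reports as blocked with MOTW; not a definitive Microsoft list.
REPORTED_BLOCKED = {
    ".iso", ".lnk", ".img", ".vhd", ".vhdx", ".appref-ms", ".bat", ".cmd", ".chm",
    ".cpl", ".js", ".jse", ".msc", ".msp", ".reg", ".vbe", ".vbs", ".wsf",
}
REPORTED_NOT_BLOCKED = {".diagcab"}
# Assumption (not from the article): ZoneId 3 (Internet) and 4 (Restricted) are untrusted.
UNTRUSTED_ZONES = {3, 4}
# Constructed sample of a Zone.Identifier stream, for offline use.
SAMPLE_MOTW = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/disk.iso\r\n"

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier text, or None if absent or malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string((stream_text or "").lstrip("\ufeff"))
        return int(cp["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None

def classify(filename, stream_text):
    """Classify a file from its name and Zone.Identifier text (None = no stream)."""
    if parse_zone_id(stream_text) not in UNTRUSTED_ZONES:
        return "no-untrusted-motw"
    ext = os.path.splitext(filename)[1].lower()
    if ext in REPORTED_BLOCKED:
        return "reported-blocked"
    if ext in REPORTED_NOT_BLOCKED:
        return "reported-not-blocked"
    return "not-mentioned"

def read_motw(path):
    """Read the Zone.Identifier alternate data stream (NTFS on Windows)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

if __name__ == "__main__":
    for root, _dirs, files in os.walk(sys.argv[1] if len(sys.argv) > 1 else "."):
        for name in files:
            verdict = classify(name, read_motw(os.path.join(root, name)))
            if verdict != "no-untrusted-motw":
                print(f"{verdict:22}{os.path.join(root, name)}")
```

Run it against a downloads folder on a Windows machine; files that land in "reported-not-blocked" or "not-mentioned" are the ones this reported list does not cover.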
