Windows 11 Smart App Control gets a whole lot better at blocking potential malware

Microsoft recently had a pretty toxic relationship with Office Macros. The saga consisted of first blocking, then unblocking, and finally re-blocking the potentially harmful feature in Office. However, threat actors are not sleeping it off and the new tactics, techniques, and procedures (TTPs) include injecting malware into ISOs, LNKs, and RAR files, among others.

Microsoft"s David Weston, the Vice President of Enterprise and OS Security at Microsoft, took to Twitter yesterday to announce that the company has now improved the blocking capabilities of the Smart App Control (SAC) utility in Windows 11. He stated that SAC can now also block ISO and LNK files with the mark of the web (MOTW).

However, SAC is actually capable of much more as security researcher Will Dormann found out. Alongside ISO and LNK, Smart App Control can now also block IMG, VDH and VHDX file types.

And the list keeps growing as BleepingComputer notes that the following file types are also blocked:

• .appref-ms
• .bat
• .cmd
• .chm
• .cpl
• .js,
• .jse
• .msc
• .msp
• .reg
• .vbe
• .vbs
• .wsf

Not every potentially dangerous file type is on the blocklist though, at least not yet, as Dormann noticed that the .diagcabb file, which was recently used in the MSDT "DogWalk" vulnerability stays unblocked.

When asked about the matter, Microsoft"s Jeffery Sutherland says that a full list of all restricted file extensions will be made available soon.

For now, Smart App Control is available to Windows 11 22H2 Insiders who are running new installs.