Key Points
Purpose of App and Browser Control: App & Browser Control protects against malicious apps and websites using features like Reputation-based Protection and Exploit Protection.
Reasons to Hide App and Browser Control: Hiding this control prevents unauthorized changes, simplifies the interface, and reduces user confusion in organizational settings.
Methods to Hide App and Browser Control:
- Local Group Policy Editor: Disable through the Local Group Policy Editor for Windows 10 Pro, Enterprise, and Education.
- Registry Editor: Modify the UILockdown DWORD in the Registry.
- Third-Party Tools: Use trusted tools for easier management.
Impact on Security: Hiding the control doesn’t disable security features; it only removes the interface.
Reversibility & Customization: Changes are reversible via Group Policy or Registry settings, and other security sections can also be hidden similarly.
Windows automatically employs various security solutions under Windows Security to keep users’ devices safe while browsing online or downloading apps and files. But when users try to modify the default security settings, they may unintentionally access potentially dangerous sites and files.
As a system administrator, you can keep users’ computers secure and prevent them from changing crucial security settings by hiding the App and Browser Control menu in Windows Security. Read on to learn how to limit access from this essential security control section in Windows 10.
Methods to hide Windows Security App & Browser Control
Before making changes in the Local Group Policy Editor or Registry Editor, it is crucial to back up your current settings. For Group Policy, you can export your current policies by navigating to File > Export. For the Registry Editor, create a backup by selecting File > Export and saving it to a secure location.
Method 1: Using Local Group Policy Editor
Admins using Windows 10 Pro, Enterprise, and Education editions can use the Local Group Policy Editor to modify the App and Browser Control GPO.
⚠️ You must log in with an administrator account to edit local group policies. It is highly advised to back up the existing Local Group Policy before making any changes, especially if unfamiliar with the tool.
- Open the Local Group Policy Editor.
Press Windows key + R, then type gpedit.msc and press Enter. - Navigate to Windows Security settings.
On the left pane of the Local Group Policy Editor, go to:
Computer Configuration\Administrative Templates\Windows Components\Windows Security\App and browser protection - Configure the Setting.
Double-click Hide the App and browser protection area on the right pane. In the popup window, click Enabled to hide the section, hit Apply, and then OK. - Restart the computer.
To ensure the changes take effect, restart your device.
Method 2: Using the Registry Editor
Aside from the Local Group Policy Editor, the Registry Editor also offers a way to restrict user access to Windows Security App and Browser Control.
⚠️ This method requires logging in with an administrator account. Incorrectly editing the registry can cause serious system issues, so it is highly recommended that you create a registry backup before proceeding.
- Open the Registry Editor.
Press Windows key + R, then type regedit and press Ctrl + Shift + Enter. - Navigate to the Windows Defender Key.
On the left pane, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection - Create or modify the DWORD value.
If the App and Browser protection key doesn’t exist, you must create it.- Right-click on Windows Defender Security Center in the left pane, hover over New, and select Key.
- Name the new key App and Browser protection, and press Enter.
- Within this key, right-click on the right panel, hover over New, select DWORD value, and name it UILockdown.
- Double-click on UILockdown and set the value to 1 to hide the section.
- Restart the computer.
To apply the changes you made to the registry, restart your device.
See the Hide or Show App and Browser Control in Windows Security in Windows 10 video.
Alternative method: Using third-party tools
Both the Local Group Policy Editor and the Registry Editor are effective built-in Windows tools for hiding the App and Browser Control managed by administrators. Still, some people are intimidated by these methods because they risk unintentionally creating system issues. For these admins, third-party tools may offer more benefits.
Many third-party tools have user-friendly interfaces that help users manage Windows Security settings, including hiding specific sections. They may also offer auditing, reporting, policy enforcement, backups, and restoration features, all in one app.
However, admins must exercise caution when choosing this method. Before downloading or installing any tool, make sure the software you want to use is from a reputable developer or website. Try to avoid tools from unknown publishers as much as possible because they may introduce malware to the system.
You also want to make sure the tool is compatible with Windows 10 and test it on a single device before attempting to implement it on your organization’s network. After making the changes, try to see if it works by checking if “App and Browser Control” is not opening or invisible on your test computer. This will help prevent serious issues and allow you to monitor the tool’s behavior.
If you are using third-party antivirus or endpoint protection software, make sure that these settings are not overridden by the third-party tool. Some security software may have its own policies for handling app and browser security, which can conflict with Windows Security settings.
What is App & Browser Control in Windows Security?
App & Browser Control helps protect a device from files, apps, websites, and downloads that can harm the system. It’s a page under Windows Security that allows users to manage how Windows will protect them while browsing online, from blocking suspicious websites to scanning for malware.
App & Browser Control is divided into three sections:
1. Reputation-based protection
It employs Microsoft Defender SmartScreen, a cloud-based anti-phishing and anti-malware component, to evaluate websites and determine their security. It also offers features for checking apps and files, protecting against phishing attacks, and blocking low-reputation pages.
2. Exploit protection
It allows users to customize threat mitigation settings for the entire operating system or individual apps on the device.
3. Smart App Control (Windows 11 only)
It is designed to scan for malware and block potentially harmful apps that may slow down the computer, display unwanted ads, or offer unrelated software.
Purpose of hiding App & Browser Control
If you don’t understand your actions while altering security settings, you may be exposing your system to various potential threats. This is especially true for users in an organization’s network. They may inadvertently disable or misconfigure crucial security measures within App and Browser Control to try and access blocked websites or download specific files. By hiding the settings page altogether, admins can ensure all devices are always protected from cyber threats.
In addition, admins can remove the App & Browser Control section to streamline the Windows Security interface. This will hide the specific section that most users won’t need to access, simplify the Windows Security page, and prevent common users from being confused by more complex settings.
Troubleshooting and common issues
The App & Browser Control is still visible after applying the changes.
It is possible that you made errors while following the steps above. Consider reviewing the instructions again and verifying that you did each step correctly. If you haven’t done so, restart the device to apply the changes. Additionally, you should verify that no conflicting group policies or registry settings override your new configurations.
Access denied errors when modifying settings.
The methods mentioned require users to have administrative privileges, so ensure you log in with an administrator account. Your organization may also restrict the ability of some users to edit group policies and registries. Contact your IT department for assistance if you are included in the restricted accounts and must change the policies or registry.
Turning the App and Browser Control on or off as a functional tool for security
Hiding the App & Browser Control section in Windows security is a practical measure for administrators who want to keep users from tampering with critical security settings. Admins can protect their users and their organizations from various online threats with the help of built-in tools like the Local Group Policy Editor and Registry Editor to execute this task. While removing the section from specific devices can be useful, it is also reversible when necessary. Remember to be cautious when modifying these settings and always back up your system before making changes to ensure you don’t run into unintended consequences.
