
How to Turn On or Off Smart App Control in Windows 11


Smart App Control (SAC) is a Windows Security feature that works with applications like Microsoft Defender. SAC provides malware protection by blocking malicious or untrusted apps. The software also blocks apps that cause your device to run slower, display ads, etc.

Managing Smart App Control enhances endpoint user protection and reduces reliance on third-party application whitelisting tools. Whether you want to enable or disable the app, this article will walk you through the different ways you can manage SAC and provide other useful information to help you navigate the software.

Different methods to enable or disable Smart App Control

You can enable or disable Smart App Control by navigating the Windows Security app or creating and merging a REG file. Both methods are easy and offer different advantages and uses, depending on your needs.

📌 Prerequisites:

  • Clean installs of Windows 11 22H2+ (not upgrades)
  • Enabled Virtualization-Based Security (VBS) and Core Isolation

⚠️ Warning: Once disabled, you’ll need to re-enable SAC by resetting Windows. (To do so, refer to How to re-enable Smart App Control.)

📌 Recommended deployment strategies:

  • Method 1: Via the Windows Security app (best for individual users)
  • Method 2: Using REG file (best for enterprises)

Method 1: Turn on or off via the Windows Security app

Navigating the Windows Security app to turn SAC on or off is the most straightforward method. You’ll only need to click and toggle on a few buttons instead of creating a separate file and copy-pasting scripts.

📌 Use Case: Individual users looking to turn on or off SAC on their device

  1. Press the Windows key, type Settings, then press Enter.
  2. Click on Privacy & security > Windows Security > App & browser control.
  3. Click Smart App Control settings.
  4. Choose one of the following:
    • On – Enforces blocking of untrusted apps
    • Evaluation – Observes behavior without blocking
    • Off – Turns off SAC

Method 2: Turn on or off Smart App Control using a REG file

Creating a REG file to enable or disable Smart App Control is more advanced. However, it’s still relatively simple since you don’t need administrator rights or specialized apps. While making a REG file is more suited for IT administrators, at-home users can also use this method.

📌 Use Cases: IT admins looking to deploy a REG file to automate configuration across different machines

  1. Press the Windows key, type Notepad, then press Enter.
  2. Copy and paste each of the following into a separate file, and save each one using the filename given:
    • To turn on Smart App Control:
      • Filename: Turn_ON_Smart_App_Control.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]

"VerifiedAndReputablePolicyState"=dword:00000001

    • To set Smart App Control to Evaluation mode:
      • Filename: Set_Smart_App_Control_to_Evaluation_mode.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]

"VerifiedAndReputablePolicyState"=dword:00000002

    • To turn off Smart App Control:
      • Filename: Turn_OFF_Smart_App_Control.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]

"VerifiedAndReputablePolicyState"=dword:00000000

  3. Double-click the REG file to merge it.
  4. Click Run, Yes, and/or OK to approve the merge.

💡 Note: Evaluation mode is when Windows determines if you’re a good candidate for SAC. If the system deems you a good candidate, then SAC will be automatically turned on.

⚠️ Warning: Ensure you save using the written filename to turn the text into a REG file. (For more information, refer to: Things to look out for.)
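Before merging a REG file on one machine or many, it helps to confirm that it has the .reg extension, the correct header, and touches only the Smart App Control value. The following check is an added example, not part of the original article; the function name Test-SacRegFile and the temp-file sample are hypothetical.

```powershell
function Test-SacRegFile {
    param([Parameter(Mandatory)][string]$Path)

    $expectedKey = '[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]'
    $valueRegex  = '^"VerifiedAndReputablePolicyState"=dword:([0-9a-f]{1,8})$'
    $modes       = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }   # mapping from the files above
    $problems    = New-Object System.Collections.Generic.List[string]
    $mode        = $null

    # A file saved as "name.reg.txt" opens in Notepad instead of merging.
    $ext = [System.IO.Path]::GetExtension($Path)
    if ($ext -ne '.reg') { $problems.Add("Extension is '$ext', expected .reg") }

    # Ignore blank lines and REG comments (lines starting with ';').
    $lines = @(Get-Content -LiteralPath $Path -ErrorAction Stop |
        ForEach-Object { $_.Trim() } | Where-Object { $_ -and $_ -notlike ';*' })

    if ($lines.Count -eq 0 -or $lines[0] -ne 'Windows Registry Editor Version 5.00') {
        $problems.Add('Missing "Windows Registry Editor Version 5.00" header')
    }
    foreach ($line in ($lines | Select-Object -Skip 1)) {
        if ($line.StartsWith('[')) {
            # Any key other than the SAC policy key means the file changes more than intended.
            if ($line -ne $expectedKey) { $problems.Add("Unexpected key: $line") }
        } elseif ($line -match $valueRegex) {
            $n = [Convert]::ToInt32($Matches[1], 16)
            if ($modes.ContainsKey($n)) { $mode = $modes[$n] } else { $problems.Add("Unsupported value: $line") }
        } else {
            $problems.Add("Unexpected line: $line")
        }
    }
    if (-not $mode -and $problems.Count -eq 0) { $problems.Add('No VerifiedAndReputablePolicyState value found') }

    [pscustomobject]@{ Path = $Path; Mode = $mode; Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: the Evaluation-mode file from this article, written to a temp path.
$sample = Join-Path $env:TEMP 'Set_Smart_App_Control_to_Evaluation_mode.reg'
@'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]
"VerifiedAndReputablePolicyState"=dword:00000002
'@ | Set-Content -LiteralPath $sample
Test-SacRegFile -Path $sample
```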

How to Monitor Smart App Control

You can monitor Smart App Control’s status using PowerShell to see if it’s enabled, disabled, or in Evaluation mode.

📌 Prerequisite: Administrator rights

  1. Press the Windows key, type PowerShell, right-click the PowerShell app, and select Run as administrator.
  2. Copy and paste the following command into the PowerShell window, then press Enter:

Get-MpComputerStatus | Select-Object SmartAppControlState

  3. You should see the current status.

💡 Note: If nothing shows up, your device may not have Smart App Control or have restricted it.
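For auditing more than one device, the status check can be combined with the registry value from Method 2 so that a missing property is reported explicitly instead of showing up as blank output. This is an added example, not from the original article; the function name Get-SmartAppControlReport is hypothetical, and the prefix comparison between the two sources is an assumption because the article does not list the strings Defender returns.

```powershell
function Get-SmartAppControlReport {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $name  = 'VerifiedAndReputablePolicyState'
    # Mapping taken from the REG files in Method 2.
    $modes = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }

    # Registry view: the value may be absent on devices without SAC.
    $raw  = $null
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item) { $raw = $item.$name }
    if ($null -eq $raw) {
        $registryMode = 'NotPresent'
    } elseif ($modes.ContainsKey([int]$raw)) {
        $registryMode = $modes[[int]$raw]
    } else {
        $registryMode = "Unknown ($raw)"
    }

    # Defender view: the property is missing or empty where SAC is unavailable or restricted.
    $defenderState = $null
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        if ($status.PSObject.Properties['SmartAppControlState']) {
            $defenderState = [string]$status.SmartAppControlState
        }
    } catch {
        Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # Assumption: Defender's string is equal to, or a prefix of, the mode name.
    $consistent = $null
    if ($registryMode -ne 'NotPresent' -and $defenderState) {
        $consistent = $registryMode.StartsWith($defenderState, [StringComparison]::OrdinalIgnoreCase)
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RegistryValue = $raw
        RegistryMode  = $registryMode
        DefenderState = $defenderState
        Consistent    = $consistent
    }
}

Get-SmartAppControlReport
```

A Consistent value of False means the registry and Defender disagree about the current mode, which is worth investigating before relying on either reading.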

How to re-enable Smart App Control

As mentioned, you must reset Windows to re-enable SAC once disabled. To do so, follow the steps below:

  1. Press the Windows key + I to open Settings.
  2. Click System, then scroll to Recovery.
  3. Press Reset this PC and follow the prompts.
  4. Pick between Remove everything or Keep my files as needed, depending on your preference.
  5. After resetting, Smart App Control will be in Evaluation mode. You can turn SAC on by following one of the two methods above.

⚠️ Warning: Choosing Remove everything will delete all your files and reset apps to their default settings. Keep a backup of important files if you want to reset your device. (For more details, check out: Things to look out for.)

⚠️ Things to look out for

| Risks | Potential Consequences | Reversals |
| --- | --- | --- |
| Malware infiltration | Disabling SAC reduces malware protection. This means you won’t have a defense against harmful files or accidentally opened phishing emails. | Before disabling SAC, consider turning on Evaluation mode instead to keep your device monitored. However, you should reset Windows immediately if your system is compromised and data is lost. |
| Invalid REG file | An improperly created REG file will not work and could affect how you manage Smart App Control. | Create a new REG file or modify the old one. Copy and paste the script and save the file using the recommended filename (.reg) to ensure you can merge it. |
| Deleting everything | Resetting Windows also lets you delete all your files if you want to. Some users could accidentally delete their files. | Unfortunately, you cannot retrieve deleted files if you accidentally remove them. A preventive measure is to keep a separate copy on a different drive in case of accidental deletion. |

Additional information regarding Smart App Control

Smart App Control and its functions can be overwhelming since they deal with malware and work with other software. To understand the app better, refer to the information below, which could help you better manage SAC.

Works with Defender SmartScreen

Smart App Control also works with Microsoft Defender SmartScreen to protect users from phishing, malicious websites, and harmful downloads. SAC extends this by blocking untrusted and unsafe applications from executing based on reputation analysis.

Overrides user decisions

SAC has a strict enforcement model that prevents end-user overrides, which means even if you intentionally launch a downloaded executable or script, SAC will block it.

Only blocks unsigned or unknown apps

Smart App Control only blocks applications that lack valid digital signatures or are unknown to Microsoft’s reputation-based services, like Microsoft Defender SmartScreen or Microsoft Defender.

To minimize false positives, SAC won’t block apps that are published by reputable companies, commonly used, and/or previously verified.

No GPO or registry toggle yet

There isn’t a GPO or Registry toggle for SAC yet. Currently, Smart App Control is designed for consumers and unmanaged environments. This limits enterprise scalability for now, unless you deploy a REG file.

Block suspicious software by managing Windows 11’s Smart App Control

Smart App Control (SAC) is a Windows 11 security feature that blocks malicious, untrusted, or potentially unwanted apps to enhance device protection. It prevents users from launching risky files, even manually. Users can manage SAC through the Windows Security app or by creating REG files.

You can only re-enable SAC by resetting Windows, which may result in data loss if files aren’t backed up. Disabling SAC increases the risk of malware and unwanted software affecting system performance or security, so it’s typically not recommended.
