Re: Why is Microsoft Smart App so damned retarded?

On Wed, 3/26/2025 9:56 PM, CrudeSausage wrote:

On 2025-03-26 9:44 p.m., Paul wrote:

On Wed, 3/26/2025 8:16 PM, CrudeSausage wrote:
>

It blocks legitimate software and even does _that_ inconsistently. > Sometimes, it thinks the software is fine, only to turn around> on the next boot to treat the program as malware.>

https://support.microsoft.com/en-us/windows/app-browser-control-in-the-windows-security-app-8f68fb65-ebb4-3cfb-4bd7-ef0f376f3dc3#bkmk_smart-app-control
>
    "Smart App Control
>
     Smart App Control adds significant protection from new and emerging
     threats by blocking apps that are malicious or untrusted. Smart App Control
     also helps to block potentially unwanted apps, which are apps that may
     cause your device to run slowly, display unexpected ads, offer extra
     software you didn't want [m365], or do other things you don't expect.
>
     Smart App Control works alongside your other security software, such
     as Microsoft Defender or non-Microsoft antivirus tools, for added protection.
    "
>
Just out of curiosity, what does your Reliability panel look like ?
>
    [Picture]
>
     https://i.postimg.cc/CxK20Cnk/reliability-panel-W11.gif
>
Sometimes, the pattern in there, indicates problems you did not know existed.
That's why I am recommending a look in there, because your symptoms
suggests the machine has some kind of health problem. Logged in there, is
activity you would not normally know is happening.
>
I've seen some pretty weird shit in this OS -- in one case weird enough
I wrote up a Feedback Hub entry for it. Most of these correlate with being
in the middle of a Windows Update (and some services have been shut off).
A reboot cures a few of the problems, but not all of them.
>
There are a significant number of failed "App" updates coming from the
Microsoft Store in the reliability panel. But I'm not going to work on
those, unless I can find an updated "err-6.4.5.exe" program, which prints
out reasons for an error, based on the error hex number. Googling
your ass off, using the error codes in the reliability panel, that's
not going to find all the error codes. While the date here is 2024, I think
this particular one came from a further back point in time.
>
https://www.microsoft.com/en-us/download/details.aspx?id=100432

 
One day, it believes that ASUS's ArmouryCrate is malware and blocks parts of it.
Restart, and it suddenly thinks it's okay. Today, it decided that Samsung Magician
is malware. Restart, and it's suddenly a-ok. Enabling this function is pure masochism.
They warned me that I'd have to reinstall to re-enable, but I don't think anyone who
used it would bother to do that considering how it behaves.

ArmouryCrate has a BIOS-level injector. I've seen an "offer" of it as
a Notification on the screen, but only on the machine with the Asus
motherboard.

Both of your Apps, have a potential driver component that is setting
off the "foreign driver" detection. What you should be seeing, if
that was the case, is a Notification, but the wording is different.
For example, I was told to remove an AISuite DLL from System32, and
I didn't even know the uninstaller had failed to remove it, some time
ago. And I believe that is a driver that has an exploit to it, during
installation. After a little poking around, I found a text string
to use as a research path.

OK, I used this as a Google search:

   Microsoft Vulnerable Driver Blocklist

And get this as a breadcrumb.

   https://support.microsoft.com/en-us/windows/device-security-in-the-windows-security-app-afa11526-de57-b1c5-599f-3a4c6a61c5e2

      "Windows 11 includes a blocklist of drivers that have known security vulnerabilities,
       have been signed with certificates used to sign malware, or that circumvent the
       Windows Security Model.

       If you have memory integrity, Smart App Control,   <===
       or Windows S mode on,
       the vulnerable driver blocklist will be on too.
      "

Now, does that mean "ON" as in "armed as a malware detection"
or "ON" as in "will see a friendly notification in the lower right corner" ?

Dunno. But that's my suspicion right now. It is related somehow.

   Paul