Windows 11 has a new way to protect you from your own bad judgement

Windows 11 logo on a blue, folded backdrop
(Image credit: Microsoft)

Microsoft has added a new feature to its Windows 11 operating system to help shield users against phishing and malware attacks.

Smart App Control, a Windows 11 feature that protects against malicious or untrusted apps, now also blocks a number of new file types when they’re downloaded from the internet.

Specifically, the service now blocks file types adopted recently by cybercriminals after Microsoft took steps to disable macros in downloaded Office documents. The list includes .lnk, .iso, .img, .vhd, .vhdx, .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs, and .wsf files.

Blocking unsafe file types

One of the most common ways people end up with a malware infection is by falling for a phishing scam. Although most are easy enough to spot to the trained eye, many people make the mistake of downloading attachments and following web links they shouldn't.

The latest Windows update will go some way to guarding against mistakes of this kind.

"Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros," explained David Weston, Microsoft's VP for Enterprise and OS Security, in a tweet earlier this week.

Users that try to run these files will be greeted with a pop-up message, saying “Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous".

While this is certainly a welcome update, the new protection will only be available to a small group of users for now.

First, not all Windows users will be able to benefit from Smart App Control. In fact, not even all Windows 11 users will gain access, as it only works on devices with a clean Windows 11 installation. Those that upgraded from Windows 10 will still have to rely on their own intuition and antivirus (opens in new tab) programs to keep them safe from malicious files from the internet.

While the tool is still being tested, it's also only available to members of the Windows Insider program. All being well, it should be bundled into a full, public Windows 11 release in the near future.

Via BleepingComputer (opens in new tab)

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.