
Windows Smart App Control (SAC) and Smart Screen

Introduction

Recent versions of Microsoft Windows have introduced Smart Screen (Windows 10 and beyond) and Smart App Control (Windows 11 22H2 and beyond). Both attempt to block malicious or unknown programs from installing or running on your PC. Most of the time they are correct and provide a service by keeping bad programs from running, but sometimes they are wrong and you may need a way to let your program or installer run anyway. There are bad actors out there with other ways around it to allow malicious programs, and I will not present any of that information here. I will only present a couple of alternatives to allow software you believe to be safe to run.

This is particularly true with Smart App Control (SAC) which is a new deployment with NO provision for allowing a program to run anyway, short of completely and permanently disabling it. Smart Screen is not so bad because you can allow the program to continue with a couple clicks. Smart App Control does not allow this, and disabling it is permanent and requires a fresh install of Windows to re-enable it, forcing you to re-install all of your software. So there are no solutions provided by Microsoft to allow a program you know is good other than submitting Feedback and a sample of the program and hoping and waiting they do something about it.

This page will attempt to show you several work-around methods to allow a program through Smart App Control. At the end of the day, if none of these solutions work for you and you have to run the program, you will have no choice but to disable it, but remember this is irreversible and permanent (it will warn you). It would be nice to keep it, as it is a nice feature to have in Windows 11 (if you have Windows 10 you don't have to worry about Smart App Control (SAC)).

Smart Screen

Let's deal with Smart Screen first as it is the easiest to work with. It simply looks for a code-signing certificate on any software it thinks came from the internet. It looks for the Mark of the Web (MotW) attribute to be set on a file. If it finds it set, then it checks for a code-signing certificate. If it does not find one, it displays this warning:

Not all software that comes from the web without a code-signing certificate is malicious, and sometimes what is malicious or not is subjective and up to the interpretation of the person making those kinds of determinations. But how can you know for sure? That's where the code-signing certificate comes into play. A developer has to submit their source code for review and analysis, then the code can be signed, in theory providing some guarantee it is not malicious.

But many small-time or hobbyist developers cannot or will not pay around $500 a year to sign a program they are giving you for free. This shows up a LOT on ham radio software. This is where some method of overriding this comes into play. But you had better know for sure the software you are letting through is OK because if it is not, the blame is on you.

To allow a program through Smart Screen, just click on More Info at the first warning and then click Run Anyway and the program will install or run.

 

Smart App Control (SAC)

Now comes the problem. Starting on fresh installs of Windows 11 22H2 or newer, SAC is installed and usually activated. Note that if you upgrade an older version of Windows 10 or Windows 11 it may be disabled or start off in Evaluation mode. Evaluation mode lets SAC run for a while with all apps allowed to run; it then decides whether you have run a lot of apps that would have been blocked, and makes a decision on its own to turn itself off or on.

SAC is based on a zero-trust model, and uses several methods to decide if an app is safe to install or run. It checks for the Mark of the Web (MotW) just like Smart Screen, and if found, checks for a code-signing certificate. It also appears to have its own cloud database of signatures of blocked or malicious apps (likely using Windows Defender databases for this) and makes reputation-based decisions. It relies heavily on AI to make these determinations.

The only supported solution from Microsoft is to turn SAC off, and this is permanent and irreversible. I think their rationale is that once you turn it off and some malicious software gets in, your system can no longer be trusted as secure without a fresh Windows install. While this is true, it is an extreme position to take, but it is also the most secure position to take. The problem is there is a lot of safe software that is being blocked. So you might need a solution where you can get your program to run while leaving SAC turned on. I will show a few solutions here.

I have also verified that - at least for now - SAC can stay on if you need to disable driver signature enforcement to install an old unsigned hardware driver, or you need to run your system with TESTSIGNING ON to install unsigned software drivers. The latter requires secure boot to be disabled, and this too does not seem to have any effect on SAC. This might change on future updates to SAC (let's hope not).

Remove Mark of the Web (MotW) file attribute

  1. Right-click the file name

  2. Click on Properties

  3. At the bottom, in the attributes section, click on Unblock

  4. Try running the install again

Extract the .msi file from a blocked self-extracting .exe file on another machine without SAC, then bring the .msi file back and run it to install on the SAC machine

  1. Take the .exe install file to a machine not running SAC

  2. Run the .exe installer

  3. Watch for a message that the installer is extracting the .msi file and note its name

  4. Stop at the first install screen and do not click Next

  5. Open File Explorer, navigate to the C: drive, and in the search box at the top right enter the name of the .msi file you saw being extracted

  6. If you are lucky, it will show in the search results; it might take a few minutes to find the temporary folder that was used

  7. Right-click the .msi file and copy it somewhere else, then bring this file back to the machine running SAC and run it, and it might install

Extract a .zip file to a local folder on another machine without SAC and bring it back to the SAC machine

  1. Take the .zip file that is being blocked to another machine not running SAC

  2. Extract it to a folder

  3. Check the folder for MotW - click on the Unblock box

  4. Copy the folder to the machine running SAC and try running setup.exe from inside this folder
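
The Mark of the Web and code-signing checks described in the Smart Screen section, and the Unblock steps in the procedures above, can be inspected from PowerShell before anything is unblocked. This is an added example, not part of the original page: the function names are hypothetical, and it assumes the developer publishes a SHA-256 hash of the download that you can compare against.

```powershell
# Added example, not from the original page. Get-MotwReport and Unblock-VerifiedFile
# are hypothetical names; the cmdlets they call are standard on Windows.
function Get-MotwReport {
    param([Parameter(Mandatory)] [string] $Path)   # one file, or an extracted folder
    $files = if (Test-Path -LiteralPath $Path -PathType Container) {
        Get-ChildItem -LiteralPath $Path -File -Recurse -Force
    } else {
        Get-Item -LiteralPath $Path -Force
    }
    foreach ($file in $files) {
        # MotW is stored in an NTFS alternate data stream named Zone.Identifier.
        $zoneId = $null
        $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if ($stream) {
            $text = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -Raw
            # ZoneId 3 = Internet, 4 = Restricted sites; 0-2 are local, intranet, trusted.
            if ($text -match 'ZoneId\s*=\s*(\d+)') { $zoneId = [int]$Matches[1] }
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            File      = $file.FullName
            HasMotW   = [bool]$stream
            ZoneId    = $zoneId
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            Sha256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

function Unblock-VerifiedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256   # assumed: published by the developer
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {   # -ne ignores case for strings
        throw "SHA-256 mismatch for $Path; leaving the Mark of the Web in place."
    }
    Unblock-File -LiteralPath $Path   # same effect as the Unblock checkbox in Properties
}

# Constructed usage (paths and hash are placeholders):
# Get-MotwReport -Path 'C:\Temp\extracted' | Format-Table File, HasMotW, ZoneId, Signature
# Unblock-VerifiedFile -Path 'C:\Temp\setup.msi' -ExpectedSha256 '<hash from the developer>'
```

A `Signature` of `NotSigned` on an installer that still carries a `ZoneId` of 3 is the combination the Smart Screen section describes as triggering the warning.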

Reference Links

https://learn.microsoft.com/en-us/windows/apps/develop/smart-app-control/overview

https://support.microsoft.com/en-us/windows/smart-app-control-frequently-asked-questions-285ea03d-fa88-4d56-882e-6698afdb7003

https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/

 


Last updated 06/23/2025