Share via

Smart App Control

tech 0 Reputation points
2026-03-16T02:27:27.28+00:00

We have a self develop application, but it pop up the error message about Smart App Control after Feb, 2026, I checked we need to prove it as a safe application or install trust root CA cert on the application. Then, how to prove our Application is Safe?

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-16T02:27:41.16+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Smart App Control treats an app as safe (trusted) when either Microsoft’s cloud intelligence can confidently classify it as safe, or the app is correctly code‑signed with a certificate from a certificate authority (CA) in the Microsoft Trusted Root Program.

    For a self‑developed application, the practical way to “prove” it is safe to Smart App Control is:

    1. Sign all binaries with a trusted certificate
      • Obtain a code‑signing certificate from a CA that participates in the Microsoft Trusted Root Program.
      • Sign every part of the app, including .exe, .dll, installers, scripts, and uninstallers.
      • Ensure the signature is valid and not expired.
      • Smart App Control will then allow the app to run if the signature is valid, even when cloud reputation is not yet established.
    2. Avoid unsigned or partially signed code
      • Smart App Control blocks malware, potentially unwanted apps, and unknown, unsigned code by default.
      • Any unsigned or invalidly signed component can cause the app to be treated as untrusted and blocked.
    3. Rely on Microsoft’s app intelligence over time
      • Smart App Control uses cloud‑powered security services to predict whether an app is safe or malicious.
      • As more users run the signed app without issues, reputation can improve and help Smart App Control classify it as safe.
    4. If developing and testing apps
      • For internal testing, use the Smart App Control audit policy (for example, the Smart App Control audit policy without ISG) to verify that all binaries are correctly signed and would be allowed under Smart App Control’s signing requirements.

    In summary, to have Smart App Control recognize the application as safe, ensure it is fully and correctly code‑signed with a certificate from a trusted CA and avoid distributing unsigned or tampered binaries.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.