
Windows 11 Insider Updates Add Native Sysmon and Relax Smart App Control Re-Enablement

Tags: windows 11, windows insider, smart app control, sysmon, sysinternals, windows event log, clipboard monitoring, telemetry

Updated February 6, 2026 at 08:00 PM · 4 sources


Microsoft is rolling out native Sysmon functionality to some Windows 11 devices in the Windows Insider program, integrating the Sysinternals System Monitor directly into the OS. Sysmon records security-relevant telemetry to the Windows Event Log (e.g., process creation/termination and, when configured, richer behaviors such as file creation, process tampering, clipboard changes, and deleted-file backup) to support threat detection and hunting; the built-in capability is disabled by default and must be explicitly enabled, with guidance to remove any separately installed Sysmon before turning on the native feature.
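The article's operational caveat (remove a standalone Sysmon before enabling the built-in one) and its description of Sysmon telemetry landing in the Windows Event Log can both be checked from an elevated PowerShell session. The script below is an added example, not code from the article or from Microsoft; it assumes the integrated Sysmon writes to the same `Microsoft-Windows-Sysmon/Operational` channel and uses the same Event ID 1 (Process Create) schema as the standalone Sysinternals tool.

```powershell
# Added example (not from the article or Microsoft). Run elevated.
# Part 1: detect a legacy standalone Sysmon install that must be removed
#         before the native optional feature is enabled.
# Part 2: read recent process-creation telemetry from the Sysmon event log.

# Standalone Sysmon registers a user-mode service named after its executable
# (Sysmon or Sysmon64) plus a kernel driver service named SysmonDrv.
$legacy = Get-Service -Name 'Sysmon', 'Sysmon64', 'SysmonDrv' -ErrorAction SilentlyContinue
if ($legacy) {
    Write-Warning 'Standalone Sysmon components found; uninstall them (sysmon -u) before enabling the native feature:'
    $legacy | Format-Table Name, Status, DisplayName -AutoSize
} else {
    Write-Host 'No standalone Sysmon service or driver found.'
}

# Assumption: the integrated Sysmon uses the same channel as the standalone tool.
$logName = 'Microsoft-Windows-Sysmon/Operational'
$log = Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue
if (-not $log -or $log.RecordCount -eq 0) {
    Write-Host "Log '$logName' is absent or empty; Sysmon is not enabled or has no configuration loaded."
    return
}

# Event ID 1 = Process Create. Flatten the EventData name/value pairs into
# objects that are convenient for hunting (command line, parent, user, hashes).
Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 1 } -MaxEvents 20 |
    ForEach-Object {
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Image       = $data['Image']
            CommandLine = $data['CommandLine']
            ParentImage = $data['ParentImage']
            User        = $data['User']
            Hashes      = $data['Hashes']
        }
    } | Format-List
```

If the log exists but shows only Event ID 1 records, richer events such as file creation or clipboard changes (IDs that depend on the loaded configuration) have not been enabled yet.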

In parallel Windows 11 Insider builds, Microsoft is also changing Smart App Control (SAC) behavior so users can turn SAC off and later re-enable it without a full OS reinstall, reversing the prior “clean install only” design that permanently blocked reactivation after disablement. The change follows user-impacting false positives (e.g., SAC flagging ASUS Armoury Crate on ASUS ROG Ally), and Microsoft’s updated approach aims to reduce operational friction while still encouraging users to keep SAC enabled unless conflicts require disabling it.

Related Stories

Windows 11 Preview Updates Add Native Sysmon and Fix Explorer/Taskbar Regressions

Microsoft’s latest Windows 11 preview releases for Insiders and optional updaters introduce **native Sysmon** and ship fixes for disruptive **Windows Explorer/taskbar** regressions. Windows 11 Insider Dev Channel Build `26300.7733` (KB5074178) adds Sysmon as a built-in *Optional Feature*, bringing deeper endpoint telemetry (e.g., process creation with command lines, network connections, driver loads, and file timestamp manipulation) intended to improve forensic visibility and incident investigation; Microsoft notes the integrated Sysmon conflicts with legacy standalone Sysmon installs, requiring removal of the older version before enabling the new feature. Separately, the optional preview update **KB5074105** for Windows 11 `24H2`/`25H2` addresses a January cumulative-update regression where `Explorer.exe` could hang at startup—causing the taskbar to intermittently disappear and forcing users to restart Explorer via Task Manager—and also fixes reports of desktop icons being rearranged unexpectedly. ZDNET characterizes the upcoming February Windows 11 patch as feature-heavy and indicates KB5074105 is an early look at what will roll into the broader monthly release, while other referenced ZDNET pieces are general OS commentary/comparisons and not tied to the Sysmon integration or the KB5074105 Explorer fix; an Android 17 feature roundup is unrelated.

1 month ago

Microsoft Announces Native Sysmon Integration and New Windows 11 Recovery Tools

Microsoft has announced significant enhancements to Windows 11 and Windows Server 2025, including the native integration of Sysmon, a powerful system monitoring tool previously available only as a standalone Sysinternals utility. With this integration, administrators will be able to deploy and manage Sysmon directly through Windows features and updates, simplifying large-scale monitoring and threat detection. Sysmon's advanced event filtering and custom configuration capabilities will remain intact, enabling organizations to monitor for suspicious activity, process tampering, and other security-relevant events without the need for separate installations. In addition to Sysmon integration, Microsoft introduced two new recovery features for Windows 11: Cloud Rebuild and Point-in-Time Restore (PITR). These tools are designed to minimize downtime and streamline recovery from system failures or problematic updates. PITR allows users and IT administrators to quickly roll back systems to healthy snapshots, restoring not only the OS but also local files and applications. Cloud Rebuild enables remote, cloud-based reinstallation of Windows 11, leveraging Intune and Autopilot for zero-touch provisioning and rapid restoration of user data and settings. Both features are set to be integrated with Microsoft Intune, providing enterprise admins with robust, remote recovery and remediation capabilities.

3 months ago

Microsoft Introduces Windows Baseline Security Mode and App Permission Prompts in Windows 11

Microsoft detailed two Windows security initiatives—**Windows Baseline Security Mode** and **User Transparency and Consent**—aimed at making Windows 11 behave more like mobile platforms in how it gates access to sensitive resources. Under *User Transparency and Consent*, Windows will prompt users when applications request access to protected data and device features (e.g., files, camera, microphone) and when installers attempt to add additional software; decisions will be recorded so users can review and change permissions later, including revoking previously granted access. *Windows Baseline Security Mode* is intended to enable runtime integrity safeguards by default, allowing only properly signed applications, services, and drivers to run while still permitting user/IT-admin exceptions for operational needs. Microsoft positioned the changes under its **Secure Future Initiative** and aligned them with the *Windows Resiliency Initiative*, noting a phased rollout in partnership with developers and enterprises and building on prior controls such as *Smart App Control* and administrator protection.

1 month ago
