Last active
May 9, 2026 17:33
-
-
Save MrMarvel/766afa3668f7d9e73431ec2cdda2a0f2 to your computer and use it in GitHub Desktop.
Temporarily disable Smart App Control to launch specific app (workaround for exclusions)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #at top of script | |
| if (! | |
| #current role | |
| (New-Object Security.Principal.WindowsPrincipal( | |
| [Security.Principal.WindowsIdentity]::GetCurrent() | |
| #is admin? | |
| )).IsInRole( | |
| [Security.Principal.WindowsBuiltInRole]::Administrator | |
| ) | |
| ) { | |
| #elevate script and exit current non-elevated runtime | |
| Start-Process ` | |
| -FilePath 'powershell' ` | |
| -ArgumentList ( | |
| #flatten to single array | |
| '-File', $MyInvocation.MyCommand.Source, $args ` | |
| | %{ $_ } | |
| ) ` | |
| -Verb RunAs | |
| exit | |
| } | |
| $wasEnabledSmartAppControl = (Get-MpComputerStatus).SmartAppControlState -eq "On" | |
| $appWorkingFolder = $PSScriptRoot # <----- WORK FOLDER | |
| $appPath = "$appWorkingFolder/choose_app.exe" # <---- EXE FILE | |
| if ($wasEnabledSmartAppControl) { | |
| Write-Output "Disabling Smart App Control..." | |
| # Disable: set to 0 (Off) | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy" -Name "VerifiedAndReputablePolicyState" -Value 0 | |
| echo "STOP" | citool -r | Out-Null # Apply changes without reboot [web:18] | |
| # Verify disabled | |
| if ((Get-MpComputerStatus).SmartAppControlState -ne "Off") { | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy" -Name "VerifiedAndReputablePolicyState" -Value 1 | |
| echo "STOP" | citool -r | Out-Null | |
| Write-Error "Failed to disable Smart App Control" | |
| exit 1 | |
| } | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy" -Name "VerifiedAndReputablePolicyState" -Value 1 | |
| Write-Output "Disabled Smart App Control." | |
| } | |
| Write-Output "my cool unsafe app" | |
| cd $appWorkingFolder | |
| Start-Process $appPath | |
| Start-Sleep -Milliseconds 3000 | |
| if ($wasEnabledSmartAppControl) { | |
| Write-Output "Re-enabling Smart App Control..." | |
| # Re-enable: set to 1 (On) | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy" -Name "VerifiedAndReputablePolicyState" -Value 1 | |
| # Verify re-enabled | |
| for ($i = 0; $i -lt 30; $i++) { | |
| echo "STOP" | citool -r | Out-Null # Apply changes [web:18] | |
| if ((Get-MpComputerStatus).SmartAppControlState -eq "On") { | |
| break | |
| } | |
| Start-Sleep -Milliseconds 100 | |
| } | |
| if ((Get-MpComputerStatus).SmartAppControlState -ne "On") { | |
| Write-Error "Failed to re-enable Smart App Control" | |
| } | |
| Write-Output "Successfully re-enabled Smart App Control" | |
| } | |
| Start-Sleep -Milliseconds 5000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment