Thanks for the feedback.

I apologize for my ignorance and my public display of frustration, I am not a developer so I presumed the issue was that of the 3rd party app and not the operating system of which it is installed on. Since one would expect a fresh build and install shouldn't present any such compatibility issues, unfortunately unforeseen circumstances prove otherwise when dealing with certain Windows Updates.

I guess I'll join the cue line of possible future hotfixes.

The latest beta released on June 23, 2026, does not work correctly on Windows 11. Nextstart is blocked by Smart App Control because it lacks the necessary digital signature for approval (though WorkShelf works fine). To get it running and visible (menus, taskbar), Smart App Control must be disabled. This was not the case with the previous beta. I therefore had to revert to that earlier version, as I do not want to disable Smart App Control on Windows 11.
This is just a report based on my own experience; perhaps it works perfectly for others.
A huge thank you for your tireless efforts to fix issues and for all the work you put into making your software as perfect as possible.

Thanks for the heads up.

Look guys, digital signing has turned into nothing but a BIG HUGE SCAM. It has little to do with security and much more to do with an old style cousin Guiddo's money extortion racket these days.

Do you know that even if I signed every single Winstep application and DLLs, you would STILL get SmartScreen warnings despite me having paid between $65 to $219 for a ONE YEAR code‑signing OV certificate?

Until recently the only way to for this not to happen would be to get an EV (Extended Validation) certificate instead of an OV (Organization Validation / Individual Validation).

Problem is, EV certificates cost between $249 and $685 per year, and you cannot get them UNLESS you are a fully registered *corporation*.

So <expletive deleted> the little guys like me.

But it gets worse: apparently Microsoft changed the rules recently YET AGAIN, and now not even EV certificates can bypass SmartScreen. EV and OV certificates no longer give instant SmartScreen trust since Microsoft changed the reputation system in 2024.

SmartScreen no longer trusts a file just because it is signed, but uses a dubious reputation scheme.

Reputation is now based on:

File hash reputation
Publisher reputation (accumulated over time)
Download volume
Telemetry from Windows Defender
User feedback (allow/run decisions)

The certificate only proves identity - it does not grant trust.

I think it's easy to guess what this means and does, no? First, what is enough "download volume" for SmartScreen to stop pestering users is highly relative. Second, every time a new version is released, it goes all the way back to zero, and until then everyone gets a SmartScreen warning.

Here is how all this is actually going to backfire in terms of security: once users realize SmartScreen is basically meaningless these days and they get tired of seeing it for applications they KNOW are safe, they will begin to ignore it "en masse"

The user can always bypass SmartScreen. SmartScreen is not a hard block. A user can:

Click “More info”
Click “Run anyway”

And the program will launch. This has always been true (but I suspect one day it won't anymore, and then Microsoft will have full control over what is allowed to run on Windows and what not).

Anyway, SmartScreen is a reputation and friction system, not a security lockdown (for now).

Smart App Control, on the other hand, is a different beast. The user cannot bypass it. So if you want Microsoft to baby sit you and make all decisions for you, by all means enable Smart App Control.

Smart App Control also doesn't give a rat's ass if the application is signed or not: if the signature is valid but reputation is unknown-> AI model kicks in

There is also very little difference in NextSTART between the previous and the current beta, since I have been focusing on changes made to WorkShelf/Ultimate/Nexus. Shows how little Smart App Control actually knows and how little is required for it to decide to block a file (or not).

What I mentioned earlier about full control being Microsoft's end goal with SmartScreen?

It turns out that future may already be here.

It is called Smart App Control - SAC.

Why There’s No Public Outcry About Smart App Control (SAC)
(And why it may become one of the most restrictive software-control features Microsoft has ever shipped)

Most Windows users have never heard of Smart App Control, but it is already capable of blocking legitimate software before it ever runs.

And unlike the classic SmartScreen warning, this is not just a warning with a hidden Run anyway option.

With SAC, there is currently no per-application override.

If SAC decides an application should not run, the user cannot simply say:

"I know what I am doing, run it anyway."

That is the part that should worry every independent Windows developer.

1. SAC is not enabled for most people

For a long time, SAC was mainly enabled only on clean installs or resets of Windows 11, often starting in an evaluation mode where Windows decided whether the system was a good candidate for it.

If you upgraded from Windows 10 to Windows 11, SAC would usually remain off.

This alone explains why there has not been a huge public backlash: most users have simply never encountered it.

Small visible impact = small noise.

But that also makes SAC dangerous in a different way: it can spread quietly, machine by machine, without most people understanding what changed.

2. SAC is not just another SmartScreen warning

With SmartScreen, users are at least used to seeing a warning and, in many cases, eventually finding a way to run the application anyway.

SAC is different.

SAC is application control. It is designed to decide whether an app or binary is allowed to execute at all.

That distinction matters.

A warning says:

"This may be dangerous."

Application control says:

"You are not allowed to run this."

That is a very different relationship between the user, the developer, and Microsoft.

3. When SAC blocks something, users may blame the software

When a user reports:

"Your installer will not run on my PC."

Most developers naturally think of the usual suspects:

• SmartScreen
• Antivirus
• Corrupted download
• Browser download blocking
• User error

Almost nobody immediately thinks:

"Ah, Smart App Control blocked it."

And most normal users will not know the difference either.

From the user's point of view, the application simply failed to run, and the obvious conclusion is:

"This software is broken."

That is extremely damaging for small developers.

4. The real problem: there is no "allow this app" button

This is the key issue.

SAC does not currently offer a normal per-app allow list for home users.

There is no simple:

• Allow this app
• Trust this publisher
• Run anyway
• I accept the risk

The user can disable SAC, but that is a global security decision. It is not the same thing as allowing one trusted application from one trusted developer.

So the user is forced into a ridiculous choice:

• Leave SAC on and lose access to legitimate software
• Turn SAC off entirely just to run one blocked application

That is bad design.

And it is especially bad for independent developers, because users rarely understand that Microsoft is the one making the decision. They blame the blocked application instead.

5. SAC naturally favors large, high-volume publishers

Microsoft describes SAC as using cloud intelligence, reputation, code signing, and Windows code integrity to decide whether software should be trusted.

That may sound reasonable on paper.

In practice, reputation-based systems naturally favor software that is already widely distributed and already known to Microsoft.

That means large companies are far less likely to suffer from this.

Adobe, Nvidia, Steam, Google, Microsoft, etc. are not the ones who will usually be hurt by this type of system.

The people most likely to be hurt are:

• Independent developers
• Small software companies
• Open-source projects
• Niche utility authors
• Game modders
• Sysadmin tool developers
• Developers releasing new products or frequent updates

In other words: exactly the people who already have the least leverage.

6. Code signing alone may not be enough

Many users assume:

"If the software is digitally signed, Windows will trust it."

That is no longer a safe assumption.

SAC is not merely checking whether an executable has a signature. It also uses Microsoft reputation and cloud intelligence.

So a small developer can do the right thing, sign their software, avoid malware-like behavior, and still run into blocks if Microsoft's systems do not yet have enough confidence in that software.

This creates a classic chicken-and-egg problem:

• New software has low reputation because few people have run it
• Few people can run it because it has low reputation

That is a serious problem for the Windows software ecosystem.

7. This shifts control away from the PC owner

The most worrying part is not that Microsoft is trying to protect users from malware.

Everyone wants less malware.

The worrying part is that Microsoft is moving from:

"We warn you about this software"

to:

"We decide whether this software is allowed to run."

That is a major change.

The PC owner should be the final authority over what runs on their own computer.

Security features should inform, warn, and protect.

They should not quietly turn Microsoft into the gatekeeper for all Windows desktop software.

8. Why there is not more public outrage

There is not much public outcry because:

• Most Windows users do not know SAC exists
• Many upgraded systems do not have it enabled
• Blocked users often blame the application, not SAC
• Developers may misdiagnose the problem as SmartScreen or antivirus
• The people most affected are smaller developers with less media reach
• Microsoft presents it as modern, intelligent security
• There is no simple per-app override, but most users only discover that after something is blocked

So the feature can become more restrictive without triggering the kind of backlash it would cause if everyone understood the implications.

Summary

Smart App Control is not just another warning dialog.

It is a Windows application-control system that can prevent software from running, with no simple per-app override for the user.

That means legitimate software can be blocked not because it is malicious, but because Microsoft's systems do not yet trust it enough.

For large publishers, this may barely matter.

For small developers, niche tools, independent software, and open-source projects, it can be devastating.

And for users, it means the computer they bought is moving one step further away from being truly under their control.

This is the real issue:

Microsoft is no longer merely warning users about software.

With SAC, Microsoft is increasingly deciding what Windows users are allowed to run.

That should concern anyone who still believes the owner of a PC should have the final say over what runs on it.

Yes, I fully understood all those explanations...
But before installing the latest Beta, you first need to disable Smart App Control (if it's enabled) to get the blue SmartScreen bypass window with the "Install anyway" option; otherwise, the Beta installs without that prompt and only works partially. Afterward, you can choose whether or not to re-enable Smart App Control, and everything works correctly.
I assume you usually have Smart App Control disabled, which is why you always see the blue SmartScreen "Install anyway" prompt during installation.
Mine was enabled, even though I usually keep it off. It had re-enabled itself because I had just installed the latest preview update (KB5095093) (26200.8737) without realizing it at the time.
Everything is sorted out now—thanks...

The latest beta probably worked for me on Windows 11 because I did a clean install of Windows 11 when this problem started just to be sure some of the other programs I use, Start11, WindowBlinds, ExplorerPatcher, and Rainmeter were not causing the problem. Smart App Control on my Windows 11 install is still in Evaluation Mode. I only use Windows 11 for testing, so I often restore from a "clean install" backup, or just to be sure, do another clean install.

I first ran into Smart App Control a while ago. It would not let me install a program that I had used before and knew was safe (I don't remember what the program was). There were no options offered. I couldn't install it and that was that. I had to disable Smart App Control which at that time was a permanent choice.

This may also explain my popup on Windows 10 saying "Your administrator requires a security scan of this item". This is my personal computer and I am the administrator. I haven't changed any security settings since I installed Windows 10, so the popup was a surprise. Microsoft probably added some new setting that I'm not aware of.

I haven't used Linux for quite a while but it sure is looking good again.