WSL not working when Windows 11 Smart App Control is turned On

[ravik694]

Issue Title

WSL not working when Windows 11 Smart App Control is turned On

Windows version / build number

PS C:\> cmd.exe --version
Microsoft Windows [Version 10.0.22621.608]
(c) Microsoft Corporation. All rights reserved.

Steps required to reproduce

1. Perform a clean install of Windows 11 22H2 and change Smart App Control from Evaluation Mode to On.
2. Install Windows Subsystem for Linux Preview from the Microsoft Store app.
3. Install Ubuntu (or any other WSL distro) from the Microsoft Store app.
4. Attempt to run the distro or run any wsl.exe command

Copy of the terminal output

PS C:\> wsl
ResourceUnavailable: Program 'wsl.exe' failed to run: An error occurred trying to start process 'C:\WINDOWS\system32\wsl.exe' with working directory 'C:\'. Your organization used Device Guard to block this app. Contact your support person for more info.At line:1 char:1
+ wsl
+ ~~~.

Expected Behavior

WSL commands execute without errors.

Strace of the failing command

N/A. Not able to start any WSL Distro.

Additional information

Screenshots:

Collect WSL logs (recommended method)

WslLogs-2022-10-07_14-12-21.zip

Collect WSL logs with Feedback hub

https://aka.ms/AAi9jo9

[benhillis]

Unfortunately, according to the smart app control folks, this is by design.

[Xeevis]

wsl.exe is not digitally signed therefore it can't be loaded by any other app like Ubuntu app or %LocalAppData%\Microsoft\WindowsApps\wsl.exe alias on PATH or even Docker Desktop.

You can only launch it directly, either through "Windows Subsystem for Linux" app from Microsoft Store.

For CMD/PS CLI you can use this command

start shell:AppsFolder\MicrosoftCorporationII.WindowsSubsystemForLinux_8wekyb3d8bbwe!wsl

or (breaks on update)

start "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.0.3.0_x64__8wekyb3d8bbwe\wsl.exe"

Obviously not a solution, but it does let you access WSL for some isolated purposes.

[M4nu3K07]

I get this exact same error on March 2023. What's happening?

[griffi-gh]

I get this exact same error on March 2023. What's happening?

turn off smart app control, it's not intended for developers or power users. (That's what Evaluation period is for, it should turn itself off automatically if it detects that it will get in your way too much)

[adnannazir]

I think Smart App Control is a good way to avoid viruses but yes there should be a way to allow apps as exception.

[Xeevis]

I think Smart App Control is a good way to avoid viruses but yes there should be a way to allow apps as exception.

There shouldn't, that would amount to a backdoor. Reason why this is so effective security feature is that it's impossible to disable or bypass once turned on. If you encounter problem reach out to the developer of blocked app and ask him to sign his code. Nobody deliberately signs malicious code and huge majority of legitimate software is digitally signed. This protects users who have tough time determining source and trustworthiness of apps.

[griffi-gh]

I think Smart App Control is a good way to avoid viruses but yes there should be a way to allow apps as exception.

There shouldn't, that would amount to a backdoor. Reason why this is so effective security feature is that it's impossible to disable or bypass once turned on. If you encounter problem reach out to the developer of blocked app and ask him to sign his code. Nobody deliberately signs malicious code and huge majority of legitimate software is digitally signed. This protects users who have tough time determining source and trustworthiness of apps.

It can be disabled at any time but it's impossible to turn it back on
If you're doing any development on the machine turn it off, as it will prevent you from running your compiled executables and/or tools like wsl (by design!)

[griffi-gh]

Nevermind, your device is managed by your organization, which enabled Smart App control.

[elico]

I cannot install WSL from App Store. Is there any other solution rather then disabling smart screen?