Technical Note: Windows Smart App Control (SAC) Compatibility & Event 3077

[AbubakarMahmood1]

Context: I recently encountered a transient block on Windows 11 with Smart App Control (SAC) enabled. While global reputation has since resolved the issue for my local machine, I wanted to provide the logs to help prevent "Cold Start" blocks for other users on future releases.

The Issue: Windows Code Integrity (Policy ID: VerifiedAndReputableDesktop) blocked the execution of ephemeral DLLs extracted to %TEMP%.

Log Evidence (Event ID 3077): Code Integrity determined that a process (\opencode.exe) attempted to load \AppData\Local\Temp.3aeaf62d1f9feef5-00000000.dll that violated code integrity policy.

Log Evidence (Event ID 3033): Code Integrity determined that a process (\opencode.exe) attempted to load \AppData\Local\Temp.3aeaf62d2e57eeed-00000001.dll that did not meet the Enterprise signing level requirements.

Observations: The block was active on Jan 13, 2026, (1/13/2026 2:57:18 AM to 1/13/2026 9:09:15 PM) but resolved by Jan 14, 2026 (1/14/2026 10:20:08 PM), likely due to a global reputation update in the Microsoft Intelligent Security Graph. Versions tested: v1.1.13 through v1.1.20.

Suggested Long-term Mitigations: Code Signing: Formally signing the main binary and any dynamically loaded modules with a trusted certificate would bypass the "Unknown" reputation phase. Binary Location: If possible, move the extraction of necessary dependencies from %TEMP% to a signed sub-directory within the installation path.

Hope this telemetry is helpful for Windows stability!