Warn about Smart App Control when applying SRP

Add a Smart App Control (SAC) compatibility check to the generated PowerShell for applying Software Restriction Policies (SRP). The script now reads HKLM:\\SYSTEM\\CurrentControlSet\\Control\\CI\\Policy -> VerifiedAndReputablePolicyState and emits a warning if SAC is in Evaluation (1) or On (2), since SAC can override SRP on Windows 11. This is a non-invasive notification (it still sets the SRP registry keys) and only runs for non-Home systems when the blockExecutables lock is enabled, guiding users to disable SAC if they want SRP to take effect.

Author: boopathirbk

src/utils/scriptBuilder.ts

@@ -611,6 +611,18 @@ $SRP = "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers"
 ${isLock && system.blockExecutables ? `
 if (-not $IsHome) {
     Write-Host "[*] Applying Software Restriction Policies (Pro/Ent Only)..." -ForegroundColor Yellow
+
+    # --- Smart App Control (SAC) Compatibility Check ---
+    # On Windows 11, SAC overrides SRP when it is 'On' or in 'Evaluation' mode.
+    # SAC state is stored at HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy -> VerifiedAndReputablePolicyState
+    #   0 = Off, 1 = Evaluation, 2 = On
+    $SACState = (Get-ItemProperty -Path "HKLM:\\SYSTEM\\CurrentControlSet\\Control\\CI\\Policy" -Name "VerifiedAndReputablePolicyState" -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
+    if ($SACState -eq 1 -or $SACState -eq 2) {
+        Write-Host "    [!] WARNING: Smart App Control is active (state=$SACState)." -ForegroundColor Magenta
+        Write-Host "        SRP may be IGNORED on this Windows 11 machine while SAC is on/evaluating." -ForegroundColor Magenta
+        Write-Host "        To enable SRP: turn off Smart App Control in Windows Security > App & Browser Control." -ForegroundColor Magenta
+    }
+
     Set-RegKey -Path $SRP -Name "TransparentEnabled" -Value 1
     Set-RegKey -Path $SRP -Name "PolicyScope" -Value 1