I think the SMB redirector runs in the context of a system process, so adding something like this to AllowedApps will tunnel more than you really need. However, I think I can add a new setting called AllowedPorts to have AllowedPorts = tcp:139, tcp:445 force SMB traffic into the tunnel.
I wouldn’t say it’s anything complicated, just another filter similar to the existing DNS redirect implementation. But at the same time, it requires adding new configuration options and some tests. All in all, it will probably take me a day. So I guess if I won’t have anything urgent, I can dedicate a day to it next weekend.