Starting with Windows 10 version 2004, Windows Defender Antivirus as been renamed to Microsoft Defender Antivirus.
Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying. Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. PUA can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
For example:
Windows Security has reputation-based protection that can help protect your PC from potentially unwanted applications. Potentially unwanted app blocking was first introduced in Windows 10 May 2020 update, and is turned off by default.
It is recommend that you turn this feature on, and that you enable both block apps and block downloads.
While Microsoft announced the new PUA feature as only available for the Enterprise edition of Windows 10, Home and Pro editions can also enable it on their Windows 10 PCs to block the deployment of adware during software installations.
PUA protection updates are included as part of the existing definition updates and cloud protection of Microsoft Defender Antivirus.
For more details, see:
This tutorial will show you how to enable or disable Potential Unwanted App (PUA) protection in Microsoft Defender AntiVirus for all users in Windows 10.
EXAMPLE: Microsoft Defender PUA protection
1 Open Windows Security, and click/tap on the App & browser control icon.
2 Click/tap on the Reputation-based protection settings link. (see screenshot below)
3 Turn on (default) or off Potentially unwanted app blocking for what you want. (see screenshots below)
A) If you turned on Potentially unwanted app blocking, you can check (default)or uncheck Block apps and/or Block downloads for what you want.
4 If prompted by UAC, click on Yes to approve the change.
5 You can now close Windows Security if you like.
1 Open an elevated PowerShell.
2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter. (see screenshot below)
(Turn off Windows Defender PUA protection to not block apps)
or
OR
(Turn on Windows Defender PUA protection and block apps - Default)
or
OR
(Audit Mode - will only detect and log PUAs, but will not block apps)
or
3 You can now close the elevated PowerShell window if you like.
1 Open the Local Group Policy Editor.
2 In the left pane of Local Group Policy Editor, navigate to the location below available to you. (see screenshot below)
Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus
OR
Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus
3 In the right pane of Windows Defender Antivirus in Local Group Policy Editor, double click/tap on the Configure detection for potentially unwanted applications policy to edit it. (see screenshot above)
4 Do step 5 (enable, )step 6 (audit mode), or step 7 (disable) below for what you would like to do.
9 When finished, you can close the Local Group Policy Editor if you like.
1 Do step 2 (always enable), step 3 (Always audit mode), step 4 (Always disable), or step 5 (default) below for what you would like to do.
A) Click/tap on the Download button below to download the file below, and go to step 6 below.
Always_enable_Windows_Defender_PUA_and_block_apps.reg
Download
6 Save the .reg file to your desktop.
7 Double click/tap on the downloaded .reg file to merge it.
8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
9 Restart the computer to apply.
10 You can now delete the downloaded .reg file if you like.
That's it,
Shawn
Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying. Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. PUA can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
For example:
- Advertising software: Software that displays advertisements or promotions, including software that inserts advertisements to webpages.
- Bundling software: Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA.
- Evasion software: Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
Windows Security has reputation-based protection that can help protect your PC from potentially unwanted applications. Potentially unwanted app blocking was first introduced in Windows 10 May 2020 update, and is turned off by default.
It is recommend that you turn this feature on, and that you enable both block apps and block downloads.
- Block apps will detect PUA that you've already downloaded or installed, so if you're using a different browser Windows Security can still detect PUA after you've downloaded it.
- Block downloads looks for PUA as it's being downloaded, but it only works with the new Microsoft Edge browser.
While Microsoft announced the new PUA feature as only available for the Enterprise edition of Windows 10, Home and Pro editions can also enable it on their Windows 10 PCs to block the deployment of adware during software installations.
PUA protection updates are included as part of the existing definition updates and cloud protection of Microsoft Defender Antivirus.
For more details, see:
- Protect your PC from potentially unwanted applications | Microsoft Support
- Detect and block potentially unwanted applications | Microsoft Docs
- Shields up on potentially unwanted applications in your enterprise - Microsoft Security Blog
- Microsoft Malware Protection Center - How Microsoft antimalware products identify potentially unwanted software
This tutorial will show you how to enable or disable Potential Unwanted App (PUA) protection in Microsoft Defender AntiVirus for all users in Windows 10.
EXAMPLE: Microsoft Defender PUA protection
OPTION ONE
Turn On or Off Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in Windows Security
1 Open Windows Security, and click/tap on the App & browser control icon.
2 Click/tap on the Reputation-based protection settings link. (see screenshot below)
3 Turn on (default) or off Potentially unwanted app blocking for what you want. (see screenshots below)
A) If you turned on Potentially unwanted app blocking, you can check (default)or uncheck Block apps and/or Block downloads for what you want.
4 If prompted by UAC, click on Yes to approve the change.
5 You can now close Windows Security if you like.
OPTION TWO
Turn On or Off Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in PowerShell
1 Open an elevated PowerShell.
2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter. (see screenshot below)
(Turn off Windows Defender PUA protection to not block apps)
Set-MpPreference -PUAProtection 0
or
Set-MpPreference -PUAProtection Disabled
OR
(Turn on Windows Defender PUA protection and block apps - Default)
Set-MpPreference -PUAProtection 1
or
Set-MpPreference -PUAProtection Enabled
OR
(Audit Mode - will only detect and log PUAs, but will not block apps)
Set-MpPreference -PUAProtection 2
or
Set-MpPreference -PUAProtection AuditMode
3 You can now close the elevated PowerShell window if you like.
OPTION THREE
Enable or Disable Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in Local Group Policy Editor
1 Open the Local Group Policy Editor.
2 In the left pane of Local Group Policy Editor, navigate to the location below available to you. (see screenshot below)
Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus
OR
Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus
3 In the right pane of Windows Defender Antivirus in Local Group Policy Editor, double click/tap on the Configure detection for potentially unwanted applications policy to edit it. (see screenshot above)
4 Do step 5 (enable, )step 6 (audit mode), or step 7 (disable) below for what you would like to do.
5 To Always Enable Microsoft Defender PUA Protection and Block Apps
A) Select (dot) Enabled, select Block in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)
6 To Always Enable Audit Mode for Microsoft Defender PUA Protection and Not Block Apps
A) Select (dot) Enabled, select Audit Mode in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)
7 To Always Disable Microsoft Defender PUA Protection and Not Block Apps
A) Select (dot) Enabled, select Disable in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)
8 Default Allow to Change Microsoft Defender PUA Settings in Windows Security
9 When finished, you can close the Local Group Policy Editor if you like.
OPTION FOUR
Enable or Disable Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection using a REG file
1 Do step 2 (always enable), step 3 (Always audit mode), step 4 (Always disable), or step 5 (default) below for what you would like to do.
2 To Always Enable Microsoft Defender PUA Protection and Block Apps
A) Click/tap on the Download button below to download the file below, and go to step 6 below.
Always_enable_Windows_Defender_PUA_and_block_apps.reg
Download
3 To Always Enable Audit Mode for Microsoft Defender PUA Protection and Not Block Apps
A) Click/tap on the Download button below to download the file below, and go to step 6 below.
Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg
Download
Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg
Download
4 To Always Disable Microsoft Defender PUA Protection and Not Block Apps
A) Click/tap on the Download button below to download the file below, and go to step 6 below.
Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg
Download
Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg
Download
5 Default Allow to Change Microsoft Defender PUA Settings in Windows Security
A) Click/tap on the Download button below to download the file below, and go to step 6 below.
Default_allow_set_Windows_Defender_PUA_in_Windows_Security.reg
Download
Default_allow_set_Windows_Defender_PUA_in_Windows_Security.reg
Download
6 Save the .reg file to your desktop.
7 Double click/tap on the downloaded .reg file to merge it.
8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
9 Restart the computer to apply.
10 You can now delete the downloaded .reg file if you like.
That's it,
Shawn
0 comments:
Post a Comment
Note: only a member of this blog may post a comment.