Enable or Disable Microsoft Defender PUA Protection in Windows 10  

Page 1 of 9 123 ... LastLast
    Enable or Disable Microsoft Defender PUA Protection in Windows 10

    Enable or Disable Microsoft Defender PUA Protection in Windows 10

    How to Enable or Disable Microsoft Defender Antivirus Potential Unwanted App (PUA) Protection in Windows 10
    Published by Category: Security System
    09 Apr 2022
    Designer Media Ltd

    How to Enable or Disable Microsoft Defender Antivirus Potential Unwanted App (PUA) Protection in Windows 10


    Starting with Windows 10 version 2004, Windows Defender Antivirus as been renamed to Microsoft Defender Antivirus.

    Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying. Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. PUA can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.

    For example:
    • Advertising software: Software that displays advertisements or promotions, including software that inserts advertisements to webpages.
    • Bundling software: Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA.
    • Evasion software: Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.

    Windows Security has reputation-based protection that can help protect your PC from potentially unwanted applications. Potentially unwanted app blocking was first introduced in Windows 10 May 2020 update, and is turned off by default.

    It is recommend that you turn this feature on, and that you enable both block apps and block downloads.

    • Block apps will detect PUA that you've already downloaded or installed, so if you're using a different browser Windows Security can still detect PUA after you've downloaded it.
    • Block downloads looks for PUA as it's being downloaded, but it only works with the new Microsoft Edge browser.

    The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.
    While Microsoft announced the new PUA feature as only available for the Enterprise edition of Windows 10, Home and Pro editions can also enable it on their Windows 10 PCs to block the deployment of adware during software installations.

    PUA protection updates are included as part of the existing definition updates and cloud protection of Microsoft Defender Antivirus.

    For more details, see:

    This tutorial will show you how to enable or disable Potential Unwanted App (PUA) protection in Microsoft Defender AntiVirus for all users in Windows 10.

    You must be signed in as an administrator to enable or disable Microsoft Defender PUA protection.



    Contents

    • Option One: Turn On or Off Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in Windows Security
    • Option Two: Turn On or Off Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in PowerShell
    • Option Three: Enable or Disable Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in Local Group Policy Editor
    • Option Four: Enable or Disable Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection using a REG file



    EXAMPLE: Microsoft Defender PUA protection

    To download a safe PUP test file: Feature Settings Check AMTSO

    (Windows Security > Virus & threat protection > Protection history)

    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_defender_pup_protection-1.jpg
    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_defender_pup_protection-2.jpg Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_defender_pup_protection-3.jpg






    OPTION ONE

    Turn On or Off Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in Windows Security


    This option is currently only available in at least Windows 10 Fast (Dev Channel) build 19577 and higher.


    1 Open Windows Security, and click/tap on the App & browser control icon.

    2 Click/tap on the Reputation-based protection settings link. (see screenshot below)

    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-1.png

    3 Turn on (default) or off Potentially unwanted app blocking for what you want. (see screenshots below)

    A) If you turned on Potentially unwanted app blocking, you can check (default) or uncheck Block apps and/or Block downloads for what you want.

    If you uncheck both Block apps and Block downloads, it will turn off Potentially unwanted app blocking.

    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-2.png Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-3.png Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-4.png

    4 If prompted by UAC, click on Yes to approve the change.

    5 You can now close Windows Security if you like.






    OPTION TWO

    Turn On or Off Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in PowerShell


    This option will not affect the Block downloads setting in Windows Security from Option One.

    The PowerShell commands below will add and modify the DWORD value in the protected registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender

    PUAProtection DWORD

    0 = Off and not block apps
    1 = On and block apps
    2 = Audit Mode - not block apps


    1 Open an elevated PowerShell.

    2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter. (see screenshot below)

    (Turn off Windows Defender PUA protection to not block apps)
    Set-MpPreference -PUAProtection 0
    or
    Set-MpPreference -PUAProtection Disabled

    OR

    (Turn on Windows Defender PUA protection and block apps - Default)
    Set-MpPreference -PUAProtection 1
    or
    Set-MpPreference -PUAProtection Enabled

    OR

    (Audit Mode - will only detect and log PUAs, but will not block apps)
    Set-MpPreference -PUAProtection 2
    or
    Set-MpPreference -PUAProtection AuditMode

    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_defender_pua_powershell.png

    3 You can now close the elevated PowerShell window if you like.






    OPTION THREE

    Enable or Disable Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection in Local Group Policy Editor


    This option will not affect the Block downloads setting in Windows Security from Option One.

    This option is only available starting with Windows 10 version 1809.

    The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Four for this same policy.


    1 Open the Local Group Policy Editor.

    2 In the left pane of Local Group Policy Editor, navigate to the location below available to you. (see screenshot below)

    Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus

    OR

    Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus

    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_defender_pua_gpedit-1.jpg

    3 In the right pane of Windows Defender Antivirus in Local Group Policy Editor, double click/tap on the Configure detection for potentially unwanted applications policy to edit it. (see screenshot above)

    4 Do step 5 (enable, )step 6 (audit mode), or step 7 (disable) below for what you would like to do.


    5 To Always Enable Microsoft Defender PUA Protection and Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    A) Select (dot) Enabled, select Block in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)


    6 To Always Enable Audit Mode for Microsoft Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.

    A) Select (dot) Enabled, select Audit Mode in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)


    7 To Always Disable Microsoft Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    A) Select (dot) Enabled, select Disable in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)


    8 Default Allow to Change Microsoft Defender PUA Settings in Windows Security

    This is the default setting.

    This will allow you to change the Potentially unwanted app blocking setting in Option One.

    A) Select (dot) Not Configured, click/tap on OK, and go to step 9 below. (see screenshot below)

    Enable or Disable Microsoft Defender PUA Protection in Windows 10-windows_defender_pua_gpedit-2.jpg

    9 When finished, you can close the Local Group Policy Editor if you like.






    OPTION FOUR

    Enable or Disable Microsoft Defender Potentially Unwanted App (PUA) App Blocking Protection using a REG file


    This changes the same policy used in Option Three.

    This option will not affect the Block downloads setting in Windows Security from Option One.

    The downloadable .reg files below will add and modify the DWORD in the registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

    PUAProtection DWORD

    0 or delete = Disable
    1 = Enable
    2 = Audit Mode


    1 Do step 2 (always enable), step 3 (Always audit mode), step 4 (Always disable), or step 5 (default) below for what you would like to do.


    2 To Always Enable Microsoft Defender PUA Protection and Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.


    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Always_enable_Windows_Defender_PUA_and_block_apps.reg

    Download


    3 To Always Enable Audit Mode for Microsoft Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg

    Download


    4 To Always Disable Microsoft Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg

    Download


    5 Default Allow to Change Microsoft Defender PUA Settings in Windows Security

    This is the default setting.

    This will allow you to change the Potentially unwanted app blocking setting in Option One.

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Default_allow_set_Windows_Defender_PUA_in_Windows_Security.reg

    Download


    6 Save the .reg file to your desktop.

    7 Double click/tap on the downloaded .reg file to merge it.

    8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    9 Restart the computer to apply.

    10 You can now delete the downloaded .reg file if you like.


    That's it,
    Shawn Brink






  1. Posts : 67
    windows 7 pro
       #1

    Exultant tout Shawn Thanks I was not aware of this.

    Will this work on MSE as well?

    regards
      My Computer


  2. Posts : 68,668
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #2

    Hello nissimezra, :)

    The Microsoft article made no mention of it supporting MSE, but it won't hurt to give it a play with if you like to see for sure.
      My Computers


  3. Posts : 118
    Windows 10 Pro
       #3

    Hi Shawn,
    When I saw you post this Tut I assumed Malwarebytes Anti-Malware Premium would locate & resolve PUP issues. Is it good practice to have Defender PUA protection as well?

    thank you,
    richie
      My Computers


  4. Posts : 68,668
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #4

    Hello Richie, :)

    Yes, MBAM protects against PUPs, but it wouldn't hurt to enable it in Windows Defender for extra protection.
      My Computers


  5. Posts : 118
    Windows 10 Pro
       #5

    Great :)

    thanks Shawn
      My Computers


  6. Posts : 68,668
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #6

      My Computers


  7. Posts : 27,166
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #7

    Additional at Microsoft Protection Center:

    Unwanted software

    Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

    Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your PC.

    We maintain a definition library of unwanted software. This library has a database of unwanted software files and settings. When our researchers identify new unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your PC and personal information.

    You can participate in our worldwide network by submitting unwanted software for analysis. This network helps identify programs to add to our definition library.

    New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.


    Consumer opinion

    Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.
    If you believe you have been negatively affected by unwanted software, download and install Microsoft antimalware software. If the unwanted software persists, you can report the problem to Microsoft.
    More at: Microsoft Malware Protection Center - How Microsoft antimalware products identify potentially unwanted software
    Last edited by Brink; 25 Feb 2016 at 08:50. Reason: removed unneeded bits in link
      My Computers


  8. Posts : 2,450
    Windows 10 Pro x64
       #8

    Shawn, a quick question.

    In the Shields up on potentially unwanted applications in your enterprise | Microsoft Malware Protection Center it specifically mentions that the
    MpEnablePus DWORD should be entered in the
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine

    whereas in your tutorial you create it in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\MpEngine

    Am I missing something? Which one is the correct entry?

    Thanx. Dimitri
      My Computer


  9. Posts : 68,668
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #9

    Hello Dimitri, :)

    Interesting. I'll update the tutorial now to use that location instead. Thank you.
      My Computers


 

Tutorial Categories

Enable or Disable Microsoft Defender PUA Protection in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:29.
Find Us




Windows 10 Forums