Page 1 of 2 12 LastLast
  1.    28 Aug 2017 #1
    Join Date : Nov 2015
    Posts : 195
    Win10

    Windows Defender PUA feature?


    WD has this new feature called PUA.
    Is this for domain environments or can this be done on a standalone Win10 Enterprise? Or is this needed on a standalone system?

    I know it has to be enabled in the registry.

    If enabled, how will this effect the use of a machine? Will I get constant annoying notifications all the time?

    How intrusive is enabling PUA?

    How is it different fron enabling or disabling this feature from standard malware protection?

    Thx!
      My ComputerSystem Spec
  2.    29 Aug 2017 #2
    Join Date : Oct 2014
    Trnava
    Posts : 2,862
    Windows 10.4 Home 1709 x64

    PUP/PUA is not really a malware, so even a legitimate software might be detected.

    Windows Defender PUP Registry Tweak tested - YouTube

    MS and Malwarebytes have decided to go over the top and detect virtually anything as PUP.

    MSRT October 2016 release: Adding more unwanted software detections Windows Security blog
      My ComputerSystem Spec
  3.    29 Aug 2017 #3
    Join Date : Nov 2015
    Posts : 195
    Win10
    Thread Starter

    So it's best to just leave it disabled?

    Anyways, I practice safe computing habits and I rarely install programs which I do not need.
      My ComputerSystem Spec
  4.    29 Aug 2017 #4
    Join Date : Oct 2014
    Trnava
    Posts : 2,862
    Windows 10.4 Home 1709 x64

    Quote Originally Posted by win10freak View Post
    So it's best to just leave it disabled?
    Probably yes. If you have had PUA, you would surely notice, that is it, what they are made for, like adware.
    Attached Thumbnails Attached Thumbnails download.png  
      My ComputerSystem Spec
  5.    29 Aug 2017 #5
    Join Date : Aug 2016
    S/E England
    Posts : 4,490
    10 Home x64 (1709) (10 Pro on 2nd pc)

    Is this for domain environments or can this be done on a standalone Win10 Enterprise? Or is this needed on a standalone system?
    Quote Originally Posted by win10freak View Post
    ...So it's best to just leave it disabled?

    Anyways, I practice safe computing habits and I rarely install programs which I do not need.
    Quote Originally Posted by TairikuOkami View Post
    Probably yes....
    I disagree. Enabling PUA protection in Defender will scan anything save to your Downloads folder for PUAs, adware and unwanted browser extensions (things like the Ask Toolbar) stuff you often find bundled within the install packages from some of the sites offering popular software. It's similar to the sort of protection afforded by Malwarebytes Premium (the paid-for one) - real-time protection against PUPs.

    While Microsoft aim PUA protection firmly at the Enterprise environment (and provide Enterprise tools to manage it) it can be enabled on anything, right down to my 10 Home. There's a Tutorial on this....
    Note

    The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.


    While Microsoft announced the new PUA feature as only available for the Enterprise edition of Windows 10, Home and Pro editions can also enable it on their Windows 10 PCs to block the deployment of adware during software installations.

    PUA protection updates are included as part of the existing definition updates and cloud protection of Windows Defender.


    Enable or Disable Windows Defender PUA Protection in Windows 10

    ...and starting at post #19 on in that thread I describe my experiences of enabling and testing that it works in Home. I leave it enabled permanently, I've not seen any false detections. Here's some of my test results...

    Click image for larger version. 

Name:	Defender history.PNG 
Views:	19 
Size:	13.0 KB 
ID:	150921
      My ComputersSystem Spec
  6.    29 Aug 2017 #6
    Join Date : Oct 2014
    Trnava
    Posts : 2,862
    Windows 10.4 Home 1709 x64

    Quote Originally Posted by Bree View Post
    I've not seen any false detections. Here's some of my test results...

    Click image for larger version. 

Name:	Defender history.PNG 
Views:	19 
Size:	13.0 KB 
ID:	150921
    Both are false positives, sort of. EICAR is a test file and ytddownloader works, it is just adware/PUA.
    Attached Thumbnails Attached Thumbnails capture_08292017_153546.jpg  
      My ComputerSystem Spec
  7.    29 Aug 2017 #7
    Join Date : Aug 2016
    S/E England
    Posts : 4,490
    10 Home x64 (1709) (10 Pro on 2nd pc)

    Quote Originally Posted by TairikuOkami View Post
    ...false positives, sort of... ytddownloader works, it is just adware/PUA.
    As adware/PUA ytdownloader is a true positive, surely?
      My ComputersSystem Spec
  8.    29 Aug 2017 #8
    Join Date : Oct 2014
    Trnava
    Posts : 2,862
    Windows 10.4 Home 1709 x64

    Quote Originally Posted by Bree View Post
    As adware/PUA ytdownloader is a true positive, surely?
    The point is, that it is a working legitimate software, just someone has decided to mark as unwanted.
    Malwarebytes has gone crazy with that, it even marks competitive anti-malware products as PUP.
      My ComputerSystem Spec
  9.    29 Aug 2017 #9
    Join Date : Aug 2016
    S/E England
    Posts : 4,490
    10 Home x64 (1709) (10 Pro on 2nd pc)

    Quote Originally Posted by TairikuOkami View Post
    The point is, that it is a working legitimate software...
    Depends on your definition of 'legitimate'...

    Quote Originally Posted by Microsoft - Windows Defender Security Intelligence
    This application was stopped from running on your network because it has a poor reputation. This application can affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs:
    • Adds files that run at startup
    • Modifies boot configuration data
    • Injects into other processes on your system
    • Changes browser settings
    • Changes browser shortcuts
    • Installs browser extensions
    • Disables User Access Control (UAC)
    PUA:Win32/YTDVideoDownload
      My ComputersSystem Spec
  10.    29 Aug 2017 #10
    Join Date : Oct 2014
    Trnava
    Posts : 2,862
    Windows 10.4 Home 1709 x64

    AD-supported software implements/display ADs (like Google/Microsoft), who would have thought.
    The reason, why it is marked as PUP, because it is not malware, it can be easily get rid of/uninstalled.

    Also detected as: not-a-virusdownloader.Win32.WinWrapper.cd (Kaspersky)
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Does Bit Defender Prohibit Windows Defender From Being Activated Too ?
Hello. Using BitDefender. Cant seem to activate Windows Defender (also). Does Bit Defender prohibit Windows Defender from being activated ? Any idea why I can't activate ? Assuming I can, somehow, do I want both ?
AntiVirus, Firewalls and System Security
Windows Briefcase Feature
While there are many ways to sync files in Windows 10, some may be accustomed to Windows Briefcase Feature. Personally I've never used it, but, if you wish to restore, (or remove), the feature, copy the following code(s) into Notepad and save as a...
Customization
Windows 10 new Reset feature ?
Hi Back in March 16, the Windows team of MSFT revealed that Windows 10 won't use a separate "Recovery" image for "Refresh" and 'Reset" feature. Later MSDN page on "Reset" is updated with some more info about this new change. So according...
General Support
Windows 9 Feature List
More
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 23:14.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums