Enable or Disable Microsoft Defender PUA Protection in Windows 10

Wiley Coyote · 26 Oct 2018

The one in Post #45 above from @Bree in the link https://www.amtso.org/feature-settin...-applications/

Brink · 26 Oct 2018

Ah, ok.

Rubi · 09 Feb 2019

Hi,

I have two questions:

1. if Defender is set to use Audit Mode (Audit Mode - will detect PUAs, but will not block them) what advantages does this have?

2. Have there been any tests or comparisons of Defender's PUA abilities/detection versus other well-known security applications?

Essentially, I am asking whether or not it is worth enabling this feature.

Thanks!

Brink · 09 Feb 2019

Rubi said:

Hi,

I have two questions:

1. if Defender is set to use Audit Mode (Audit Mode - will detect PUAs, but will not block them) what advantages does this have?

2. Have there been any tests or comparisons of Defender's PUA abilities/detection versus other well-known security applications?

Essentially, I am asking whether or not it is worth enabling this feature.

Thanks!

Hello Rubi,

1) Audi mode will basically just log the PUA events instead of blocking them. This can be good for testing purposes.

2) Can't think of any right now, but Googling may find a few.

It's certainly worth enabling PUA protection for extra security since no program is 100%.

Rubi · 09 Feb 2019

Brink said:

Hello Rubi,

1) Audi mode will basically just log the PUA events instead of blocking them. This can be good for testing purposes.

2) Can't think of any right now, but Googling may find a few.

It's certainly worth enabling PUA protection for extra security since no program is 100%.

Thanks Brink, appreciate the quick response.

I think for now I will go with Audit Mode just to see what effect it has on overall performance before deciding whether to enable.

Dandylion · 11 Jul 2019

Hello Brink,

I just had a quick question regarding this article here if you don't mind.

Ok so, Microsoft makes it quite clear that you need to enable PUA protection before Windows will block the threats from being downloaded, but what it doesn't mention is whether you need this PUA protection enabled before it will detect the PUAs during Windows Defender scans.

Any idea if the PUAs are detected and removed in standard Windows Defender scans?

Brink · 11 Jul 2019

Hello @Dandylion, and welcome to Ten Forums.

Real-time protection may catch and block a PUA (PUP), but it would be best to enable this to be sure and safe.

Bree · 11 Jul 2019

Dandylion said:

Any idea if the PUAs are detected and removed in standard Windows Defender scans?

Yes, with PUA detection enabled in Defender a normal scan finds PUAs too. If you don't enable PUA detection as per this tutorial they are not detected.

I have a couple of known PUAs tucked away in a password protected .zip file. I get them out occasionally for testing. It has to be a password protected .zip file because a normal scan would find them, even in a .zip file.

It's been a while since I last tested PUA detection, so I have just extracted them and ran a manual scan on the folder holding them. Still working in 1903....

Enable or Disable Microsoft Defender PUA Protection in Windows 10-image.png

...and after taking the recommended actions it now says:

Brink · 11 Mar 2020

Tutorial updated to add option 1 to change PUA settings in Windows Security.

Steve C · 15 Mar 2020

Brink said:

Tutorial updated to add option 1 to change PUA settings in Windows Security.

I don't see that page running v1909 18363.720:
Attachment 270479