Page 1 of 5 123 ... LastLast
    Enable or Disable Windows Defender PUA Protection in Windows 10

    Enable or Disable Windows Defender PUA Protection in Windows 10

    How to Enable or Disable Windows Defender PUA Protection in Windows 10
    Published by Category: Security System
    14 Oct 2017
    Designer Media Ltd

    Published by


    Brink's Avatar
    Administrator

    Posts: 25,820

    Show Printable Version 


    How to Enable or Disable Windows Defender PUA Protection in Windows 10

    information   Information
    The Potentially Unwanted Application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.

    These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation.

    Typical PUA behavior includes:
    • Various types of software bundling
    • Ad-injection into web browsers
    • Driver and registry optimizers that detect issues, request payment to fix the errors, but remain on the endpoint and make no changes or optimizations (also known as "rogue antivirus" programs)

    These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.

    By default, PUA protection is not enabled in Windows Defender, and would need to be enabled if wanted.

    For more details, see:


    This tutorial will show you how to enable or disable Potential Unwanted Application (PUA) protection in Windows Defender for all users in Windows 10.

    You must be signed in as an administrator to be able to enable or disable Windows Defender PUA protection.

    Note   Note
    The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.
    While Microsoft announced the new PUA feature as only available for the Enterprise edition of Windows 10, Home and Pro editions can also enable it on their Windows 10 PCs to block the deployment of adware during software installations.

    PUA protection updates are included as part of the existing definition updates and cloud protection of Windows Defender.


    CONTENTS:
    • Option One: To Enable or Disable Windows Defender PUA Protection using a REG file
    • Option Two: To Enable or Disable Windows Defender PUA Protection in PowerShell

    EXAMPLE: Windows Defender PUA protection
    Name:  PUA_detection_smaller.png
Views: 9809
Size:  2.5 KB
    Click image for larger version. 

Name:	PUA_scep.png 
Views:	406 
Size:	83.8 KB 
ID:	51391





    Enable or Disable Windows Defender PUA Protection in Windows 10 OPTION ONE Enable or Disable Windows Defender PUA Protection in Windows 10
    To Enable or Disable Windows Defender PUA Protection using a REG file

    Note   Note
    The .reg files below will add and modify the DWORDs in the registry keys below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

    PUAProtection DWORD

    0 or delete = disable
    1 = enable


    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine

    MpEnablePus DWORD

    0 or delete = disable
    1 = enable

    1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


     2. To Enable Windows Defender PUA Protection

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Enable_Windows_Defender_PUA_protection.reg

    download


     3. To Disable Windows Defender PUA Protection

    NOTE: This is the default setting.

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Disable_Windows_Defender_PUA_protection.reg

    download

    4. Save the .reg file to your desktop.

    5. Double click/tap on the downloaded .reg file to merge it.

    6. If prompted, click on Run, Yes (UAC), Yes, and OK to approve the merge.

    7. Restart the computer to apply.

    8. You can now delete the downloaded .reg file if you like.






    Enable or Disable Windows Defender PUA Protection in Windows 10 OPTION TWO Enable or Disable Windows Defender PUA Protection in Windows 10
    To Enable or Disable Windows Defender PUA Protection in PowerShell

    Note   Note
    The PowerShell commands below will add and modify the DWORD value in the protected registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender

    PUAProtection DWORD

    0 = Disable
    1 = Enable
    2 = Audit Mode

    1. Open an elevated PowerShell.

    2. Enter the command below you want to use into the elevated PowerShell, and press Enter. (see screenshot below)

    (Disable Windows Defender PUA protection)
    Set-MpPreference -PUAProtection 0
    or
    Set-MpPreference -PUAProtection Disabled

    OR

    (Enable Windows Defender PUA protection)
    Set-MpPreference -PUAProtection 1
    or
    Set-MpPreference -PUAProtection Enabled

    OR

    (Audit Mode - will detect PUAs, but will not block them)
    Set-MpPreference -PUAProtection 2
    or
    Set-MpPreference -PUAProtection AuditMode


    Click image for larger version. 

Name:	Windows_Defender_PUA_PowerShell.png 
Views:	131 
Size:	13.2 KB 
ID:	110121

    3. Restart the computer to apply.


    That's it,
    Shawn


  1.    23 Feb 2016 #1
    Join Date : Aug 2015
    Montreal Canada
    Posts : 55
    windows 7 pro

    Exultant tout Shawn Thanks I was not aware of this.

    Will this work on MSE as well?

    regards
      My ComputerSystem Spec
  2.    23 Feb 2016 #2
    Join Date : Oct 2013
    Posts : 25,820
    64-bit Windows 10 Pro build 17046
    Thread Starter

    Hello nissimezra,

    The Microsoft article made no mention of it supporting MSE, but it won't hurt to give it a play with if you like to see for sure.
      My ComputersSystem Spec
  3.    23 Feb 2016 #3
    Join Date : Aug 2015
    Posts : 90
    Windows 10 Pro

    Hi Shawn,
    When I saw you post this Tut I assumed Malwarebytes Anti-Malware Premium would locate & resolve PUP issues. Is it good practice to have Defender PUA protection as well?

    thank you,
    richie
      My ComputerSystem Spec
  4.    23 Feb 2016 #4
    Join Date : Oct 2013
    Posts : 25,820
    64-bit Windows 10 Pro build 17046
    Thread Starter

    Hello Richie,

    Yes, MBAM protects against PUPs, but it wouldn't hurt to enable it in Windows Defender for extra protection.
      My ComputersSystem Spec
  5.    23 Feb 2016 #5
    Join Date : Aug 2015
    Posts : 90
    Windows 10 Pro

    Great

    thanks Shawn
      My ComputerSystem Spec
  6.    23 Feb 2016 #6
    Join Date : Oct 2013
    Posts : 25,820
    64-bit Windows 10 Pro build 17046
    Thread Starter

      My ComputersSystem Spec
  7.    25 Feb 2016 #7
    Join Date : Feb 2015
    Bamberg Germany
    Posts : 18,085
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu

    Additional at Microsoft Protection Center:

    Unwanted software

    Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

    Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your PC.

    We maintain a definition library of unwanted software. This library has a database of unwanted software files and settings. When our researchers identify new unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your PC and personal information.

    You can participate in our worldwide network by submitting unwanted software for analysis. This network helps identify programs to add to our definition library.

    New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.


    Consumer opinion

    Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.
    If you believe you have been negatively affected by unwanted software, download and install Microsoft antimalware software. If the unwanted software persists, you can report the problem to Microsoft.
    More at: Microsoft Malware Protection Center - How Microsoft antimalware products identify potentially unwanted software
    Last edited by Brink; 25 Feb 2016 at 08:50. Reason: removed unneeded bits in link
      My ComputersSystem Spec
  8.    08 May 2016 #8
    Join Date : Dec 2015
    Athens, Greece
    Posts : 141
    Windows 10 Pro x64

    Shawn, a quick question.

    In the Shields up on potentially unwanted applications in your enterprise | Microsoft Malware Protection Center it specifically mentions that the
    MpEnablePus DWORD should be entered in the
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine

    whereas in your tutorial you create it in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\MpEngine

    Am I missing something? Which one is the correct entry?

    Thanx. Dimitri
      My ComputerSystem Spec
  9.    08 May 2016 #9
    Join Date : Oct 2013
    Posts : 25,820
    64-bit Windows 10 Pro build 17046
    Thread Starter

    Hello Dimitri,

    Interesting. I'll update the tutorial now to use that location instead. Thank you.
      My ComputersSystem Spec

 
Page 1 of 5 123 ... LastLast


Similar Threads
Tutorial Category
Security System Turn On or Off Windows Defender Real-time Protection in Windows 10
Windows Defender helps protect your PC against malware (malicious software) like viruses, spyware, and other potentially unwanted software. Malware can infect your PC without your knowledge: it might install itself from an email message, when you...
Tutorials
Hardware & Drivers Enable or Disable Disk Write Protection in Windows
How to Enable or Disable Write Protection for a Disk Drive in Windows Write protection (read-only) on a disk prevents the contents on the disk from being changed. There are many reasons for how a disk is write protected. This tutorial will...
Tutorials
How to Enable Windows Defender Adware Blocking in Windows 10
Read more: http://www.ghacks.net/2015/11/30/add-adware-protection-to-windows-defender/ SOURCE: Shields up on potentially unwanted applications in your enterprise - Microsoft Malware Protection Center - Site Home - TechNet Blogs
AntiVirus, Firewalls and System Security
Turnoff Real-time protection in Windows Defender make Windows 10 error
Turn off real-time protection in Windows Defender make Windows 10 Version 1511 VL (both Professional and Enterprise) not working, black screen and I have to shutdown laptop by pressing power button. I tested many times with fress installed...
AntiVirus, Firewalls and System Security
Solved Disable Windows Defender Real-time protection but keep the app working
Hi, how can I disable Windows Defender Real-time protection but keep the Windows Defender app available and working? I've seen ways to disable Windows Defender Real-time protection in W10, however this involved disabling Windows Defender as a...
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:35.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums