Enable or Disable Windows Defender PUA Protection in Windows 10  

Page 1 of 7 123 ... LastLast
    Enable or Disable Windows Defender PUA Protection in Windows 10

    Enable or Disable Windows Defender PUA Protection in Windows 10

    How to Enable or Disable Windows Defender PUA Protection in Windows 10
    Published by Category: Security System
    20 Mar 2020
    Designer Media Ltd


    How to Enable or Disable Windows Defender PUA Protection in Windows 10


    The Potentially Unwanted Applications (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.

    These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation.

    Typical PUA behavior includes:
    • Various types of software bundling
    • Ad-injection into web browsers
    • Driver and registry optimizers that detect issues, request payment to fix the errors, but remain on the endpoint and make no changes or optimizations (also known as "rogue antivirus" programs)

    These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.

    By default, PUA protection is not enabled in Windows Defender, and would need to be enabled if wanted.

    The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.
    While Microsoft announced the new PUA feature as only available for the Enterprise edition of Windows 10, Home and Pro editions can also enable it on their Windows 10 PCs to block the deployment of adware during software installations.

    PUA protection updates are included as part of the existing definition updates and cloud protection of Windows Defender.

    For more details, see:

    This tutorial will show you how to enable or disable Potential Unwanted Applications (PUA) protection in Windows Defender for all users in Windows 10.

    You must be signed in as an administrator to enable or disable Windows Defender PUA protection.



    Contents

    • Option One: Turn On or Off Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection in Windows Security
    • Option Two: Turn On or Off Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection in PowerShell
    • Option Three: Enable or Disable Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection in Local Group Policy Editor
    • Option Four: Enable or Disable Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection using a REG file



    EXAMPLE: Windows Defender PUA protection

    To download a safe PUP test file: Feature Settings Check AMTSO

    (Windows Security > Virus & threat protection > Protection history)

    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_defender_pup_protection-1.jpg
    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_defender_pup_protection-2.jpg Enable or Disable Windows Defender PUA Protection in Windows 10-windows_defender_pup_protection-3.jpg






    OPTION ONE

    Turn On or Off Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection in Windows Security


    This option is currently only available in at least Windows 10 Fast build 19577 and higher and Windows 10 Slow build 19041.153 and higher.


    1 Open Windows Security, and click/tap on the App & browser control icon.

    2 Click/tap on the Reputation-based protection settings link. (see screenshot below)

    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-1.png

    3 Turn on (default) or off Potentially unwanted app blocking for what you want. (see screenshots below)

    A) If you turned on Potentially unwanted app blocking, you can check (default)or uncheck Block apps and/or Block downloads for what you want.

    If you uncheck both Block apps and Block downloads, it will turn off Potentially unwanted app blocking.

    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-2.png Enable or Disable Windows Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-3.png Enable or Disable Windows Defender PUA Protection in Windows 10-windows_security_potentially_unwanted_app_blocking-4.png

    4 If prompted by UAC, click on Yes to approve the change.

    5 You can now close Windows Security if you like.






    OPTION TWO

    Turn On or Off Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection in PowerShell


    This option will not affect the Block downloads setting in Windows Security from Option One.

    The PowerShell commands below will add and modify the DWORD value in the protected registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender

    PUAProtection DWORD

    0 = Off and not block apps
    1 = On and block apps
    2 = Audit Mode - not block apps


    1 Open an elevated PowerShell.

    2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter. (see screenshot below)

    (Turn off Windows Defender PUA protection to not block apps)
    Set-MpPreference -PUAProtection 0
    or
    Set-MpPreference -PUAProtection Disabled

    OR

    (Turn on Windows Defender PUA protection and block apps - Default)
    Set-MpPreference -PUAProtection 1
    or
    Set-MpPreference -PUAProtection Enabled

    OR

    (Audit Mode - will only detect and log PUAs, but will not block apps)
    Set-MpPreference -PUAProtection 2
    or
    Set-MpPreference -PUAProtection AuditMode

    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_defender_pua_powershell.png

    3 You can now close the elevated PowerShell window if you like.






    OPTION THREE

    Enable or Disable Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection in Local Group Policy Editor


    This option will not affect the Block downloads setting in Windows Security from Option One.

    This option is only available starting with Windows 10 version 1809.

    The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Four for this same policy.


    1 Open the Local Group Policy Editor.

    2 In the left pane of Local Group Policy Editor, navigate to the location below available to you. (see screenshot below)

    Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus

    OR

    Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus

    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_defender_pua_gpedit-1.jpg

    3 In the right pane of Windows Defender Antivirus in Local Group Policy Editor, double click/tap on the Configure detection for potentially unwanted applications policy to edit it. (see screenshot above)

    4 Do step 5 (enable, )step 6 (audit mode), or step 7 (disable) below for what you would like to do.


    5 To Always Enable Windows Defender PUA Protection and Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    A) Select (dot) Enabled, select Block in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)


    6 To Always Enable Audit Mode for Windows Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.

    A) Select (dot) Enabled, select Audit Mode in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)


    7 To Always Disable Windows Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    A) Select (dot) Enabled, select Disable in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)


    8 Default Allow to Change Windows Defender PUA Settings in Windows Security

    This is the default setting.

    This will allow you to change the Potentially unwanted app blocking setting in Option One.

    A) Select (dot) Not Configured, click/tap on OK, and go to step 8 below. (see screenshot below)

    Enable or Disable Windows Defender PUA Protection in Windows 10-windows_defender_pua_gpedit-2.jpg

    9 When finished, you can close the Local Group Policy Editor if you like.






    OPTION FOUR

    Enable or Disable Windows Defender Potentially Unwanted Applications (PUA) App Blocking Protection using a REG file


    This changes the same policy used in Option Three.

    This option will not affect the Block downloads setting in Windows Security from Option One.

    The downloadable .reg files below will add and modify the DWORD in the registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

    PUAProtection DWORD

    0 or delete = Disable
    1 = Enable
    2 = Audit Mode


    1 Do step 2 (always enable), step 3 (Always audit mode), step 4 (Always disable), or step 5 (default) below for what you would like to do.


    2 To Always Enable Windows Defender PUA Protection and Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.


    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Always_enable_Windows_Defender_PUA_and_block_apps.reg

    Download


    3 To Always Enable Audit Mode for Windows Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg

    Download


    4 To Always Disable Windows Defender PUA Protection and Not Block Apps

    This will gray out the Potentially unwanted app blocking setting in Option One.

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg

    Download


    5 Default Allow to Change Windows Defender PUA Settings in Windows Security

    This is the default setting.

    This will allow you to change the Potentially unwanted app blocking setting in Option One.

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Default_allow_set_Windows_Defender_PUA_in_Windows_Security.reg

    Download


    6 Save the .reg file to your desktop.

    7 Double click/tap on the downloaded .reg file to merge it.

    8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    9 Restart the computer to apply.

    10 You can now delete the downloaded .reg file if you like.


    That's it,
    Shawn




  1. Posts : 66
    windows 7 pro
       #1

    Exultant tout Shawn Thanks I was not aware of this.

    Will this work on MSE as well?

    regards
      My Computer

  2. Brink's Avatar
    Posts : 48,770
    64-bit Windows 10 Pro for Workstations build 19635
    Thread Starter
       #2

    Hello nissimezra, :)

    The Microsoft article made no mention of it supporting MSE, but it won't hurt to give it a play with if you like to see for sure.
      My Computers

  3. dogpark's Avatar
    Posts : 109
    Windows 10 Pro
       #3

    Hi Shawn,
    When I saw you post this Tut I assumed Malwarebytes Anti-Malware Premium would locate & resolve PUP issues. Is it good practice to have Defender PUA protection as well?

    thank you,
    richie
      My Computers

  4. Brink's Avatar
    Posts : 48,770
    64-bit Windows 10 Pro for Workstations build 19635
    Thread Starter
       #4

    Hello Richie, :)

    Yes, MBAM protects against PUPs, but it wouldn't hurt to enable it in Windows Defender for extra protection.
      My Computers

  5. dogpark's Avatar
    Posts : 109
    Windows 10 Pro
       #5

    Great :)

    thanks Shawn
      My Computers

  6. Brink's Avatar
    Posts : 48,770
    64-bit Windows 10 Pro for Workstations build 19635
    Thread Starter
       #6

      My Computers


  7. Cliff S's Avatar
    Posts : 24,302
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #7

    Additional at Microsoft Protection Center:

    Unwanted software

    Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

    Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your PC.

    We maintain a definition library of unwanted software. This library has a database of unwanted software files and settings. When our researchers identify new unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your PC and personal information.

    You can participate in our worldwide network by submitting unwanted software for analysis. This network helps identify programs to add to our definition library.

    New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.


    Consumer opinion

    Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.
    If you believe you have been negatively affected by unwanted software, download and install Microsoft antimalware software. If the unwanted software persists, you can report the problem to Microsoft.
    More at: Microsoft Malware Protection Center - How Microsoft antimalware products identify potentially unwanted software
    Last edited by Brink; 25 Feb 2016 at 07:50. Reason: removed unneeded bits in link
      My Computers

  8. ddelo's Avatar
    Posts : 1,826
    Windows 10 Pro x64
       #8

    Shawn, a quick question.

    In the Shields up on potentially unwanted applications in your enterprise | Microsoft Malware Protection Center it specifically mentions that the
    MpEnablePus DWORD should be entered in the
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine

    whereas in your tutorial you create it in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\MpEngine

    Am I missing something? Which one is the correct entry?

    Thanx. Dimitri
      My Computer

  9. Brink's Avatar
    Posts : 48,770
    64-bit Windows 10 Pro for Workstations build 19635
    Thread Starter
       #9

    Hello Dimitri, :)

    Interesting. I'll update the tutorial now to use that location instead. Thank you.
      My Computers


 
Page 1 of 7 123 ... LastLast

Tutorial Categories

Enable or Disable Windows Defender PUA Protection in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:40.
Find Us




Windows 10 Forums