How PUA works in Windows Defender Antivirus (Build 1703)

Status
Not open for further replies.

Ink

Information provided from Source 1. @Umbra

Detect and Block Potentially Unwanted Applications


The Potentially Unwanted Application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.

These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation.

Typical PUA behavior includes:
  • Various types of software bundling
  • Ad-injection into web browsers
  • Driver and registry optimizers that detect issues, request payment to fix the errors, but remain on the endpoint and make no changes or optimizations (also known as "rogue antivirus" programs)

These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.

How it works

PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:
  • The file is being scanned from the browser
  • The file is in the %downloads% folder
  • The file is in the %temp% folder

The file is placed in the quarantine section so it won't run.

When a PUA is detected on an endpoint, the endpoint will present a notification to the user (unless notifications have been disabled) in the same format as normal threat detections (prefaced with "PUA:").

They will also appear in the usual quarantine list in the Windows Defender Security Center app.

Further Reading:
  1. Block Potentially Unwanted Applications with Windows Defender AV
  2. Shields up on potentially unwanted applications in your enterprise
  3. Windows Defender Antivirus
  4. Enable Block at First Sight to detect malware in seconds
  5. Windows Defender Antivirus in the Windows Defender Security Center app

Mostly applicable for Windows 10 Enterprise, but useful for Pro and Home users - if interested.
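As an added example (not part of the posts in this thread or of the quoted Microsoft text): one way to read the PUA protection setting, turn it on, and list detections whose threat names are prefaced with "PUA:", using the Defender PowerShell cmdlets. The helper function names are made up for this example, and it assumes the build's `Set-MpPreference` exposes `-PUAProtection`, which the script checks before using it.

```powershell
# Added example. Reading works in a normal session; changing the setting
# needs an elevated PowerShell session.

# PUAProtection values as reported by Get-MpPreference.
$PuaStates = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode (detect, do not block)' }

function Get-PuaProtectionState {          # hypothetical helper name
    # An unset value casts to 0, which is reported as Disabled.
    $value = [int](Get-MpPreference).PUAProtection
    [pscustomobject]@{ Value = $value; State = $PuaStates[$value] }
}

function Enable-PuaProtection {            # hypothetical helper name
    param([switch]$AuditOnly)
    # Check that this build exposes the parameter instead of failing mid-script.
    if (-not (Get-Command Set-MpPreference).Parameters.ContainsKey('PUAProtection')) {
        throw 'Set-MpPreference on this build has no -PUAProtection parameter.'
    }
    $mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }
    Set-MpPreference -PUAProtection $mode
}

function Get-PuaDetection {                # hypothetical helper name
    # Map threat IDs to names for threats whose name starts with "PUA:".
    $pua = @{}
    Get-MpThreat |
        Where-Object { $_.ThreatName -like 'PUA:*' } |
        ForEach-Object { $pua[$_.ThreatID] = $_.ThreatName }

    # Join against the detection history to get time and affected resources,
    # e.g. to see whether the file sat in a Downloads or Temp folder.
    Get-MpThreatDetection |
        Where-Object { $pua.ContainsKey($_.ThreatID) } |
        ForEach-Object {
            [pscustomobject]@{
                Threat    = $pua[$_.ThreatID]
                Detected  = $_.InitialDetectionTime
                Resources = $_.Resources -join '; '
            }
        }
}

Get-PuaProtectionState
# Enable-PuaProtection -AuditOnly    # uncomment to change the setting
Get-PuaDetection | Sort-Object Detected -Descending | Format-Table -AutoSize -Wrap
```

Audit mode records PUA detections without blocking, which is a low-risk way to see what would be caught before switching to `Enabled`.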

bjm_

Q: Is PUA protection in Windows Defender Antivirus (default) On with 1703 Home?
I'm still on 1607. Where do I look in 1703 Home for PUA On/Off?