Information provided from Source 1. @Umbra
Detect and Block Potentially Unwanted Applications
The Potentially Unwanted Application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation.
Typical PUA behavior includes:
How it works
PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:
When a PUA is detected on an endpoint, the endpoint will present a notification to the user (unless notifications have been disabled) in the same format as normal threat detections (prefaced with "PUA:").
They will also appear in the usual quarantine list in the Windows Defender Security Center app.
Further Reading:
Mostly applicable for Windows 10 Enterprise, but useful for Pro and Home users - if interested.
Detect and Block Potentially Unwanted Applications
The Potentially Unwanted Application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation.
Typical PUA behavior includes:
- Various types of software bundling
- Ad-injection into web browsers
- Driver and registry optimizers that detect issues, request payment to fix the errors, but remain on the endpoint and make no changes or optimizations (also known as "rogue antivirus" programs)
How it works
PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:
- The file is being scanned from the browser
- The file is in the %downloads% folder
- The file is in the %temp% folder
When a PUA is detected on an endpoint, the endpoint will present a notification to the user (unless notifications have been disabled) in the same format as normal threat detections (prefaced with "PUA:").
They will also appear in the usual quarantine list in the Windows Defender Security Center app.
Further Reading:
Mostly applicable for Windows 10 Enterprise, but useful for Pro and Home users - if interested.
Last edited:
