CyberTech

Level 32
Verified
CCleaner, one of the most popular cleaning and system optimizations app for Windows, is now detected as a potentially unwanted application, or PUA, by Microsoft’s antivirus engine.

While CCleaner has previously been used to spread malware after hackers managed to inject malware into its installer, this doesn’t seem to be the reason for Microsoft flagging the latest version of the app as PUA.

Microsoft explains in its threat database that CCleaner is now detected as PUA:Win32/CCleaner by the Windows Defender Antivirus, with all files automatically removed from Windows computers. The CCleaner listing was last updated on July 27.

While Microsoft hasn’t provided any information as to why the app is now flagged as a PUA, it’s not a secret that the software giant itself isn’t a big fan of such cleaning apps.

In a support document, the company explains that turning to such apps can eventually affect the stability of Windows.

“Some products such as registry cleaning utilities suggest that the registry needs regular maintenance or cleaning. However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. Microsoft cannot guarantee that these problems can be solved without a reinstallation of the Operating System as the extent of the changes made by registry cleaning utilities varies from application to application,” it says.

Microsoft Flags CCleaner as Potentially Unwanted Application, Deletes Its Files
 

MacDefender

Level 11
Verified
Ummmmm is CCleaner actually harmful/greyware? This seems to be a troubling move.

It’s already somewhat annoying that Windows Defender seems to go after Microsoft product piracy tools more aggressively than piracy tools in general, and now if they’re going after utilities that Microsoft thinks is sometimes problematic to support.... The “defender” part of Windows Defender might be crossing the line.

I really want Windows Anti-Malware, not Windows Remove Apps Microsoft Doesn’t Like :D
 

Spawn

Administrator
Verified
Staff member
From what's provided, it is more how these software may break the OS. Check the document.
Ccleaner is a PUP but Candy Crush Saga and Disney Magic Kingdom are not? Microsoft's logic :LOL:
Apps from the Microsoft Store do not include additional software. Whereas most freeware Win32 apps do, just as with Google Chrome is bundled with CCleaner, and that is PUA.

Potentially Unwanted, does not mean Known Malware.
 

MacDefender

Level 11
Verified
From what's provided, it is more how these software may break the OS. Check the document.

Apps from the Microsoft Store do not include additional software. Whereas most freeware Win32 apps do, just as with Google Chrome is bundled with CCleaner, and that is PUA.

Potentially Unwanted, does not mean Known Malware.

Yeah I think the term Potentially Unwanted is starting to get diluted. It used to more or less mean spyware/adware — software that pretended to do something useful but in practice ends up either just showing you ads or harvesting personal habits or selling you other software.

Microsoft is trying to use the term literally, like software that you probably don’t want to use. It’s not much farther of a stretch for Microsoft to say that Ubuntu is PUA because attempting to install Ubuntu sometimes will mess up the Windows bootloader. Or maybe Chrome reduces your battery life vs Microsoft Edge so Chrome is a PUA.... Using your antivirus software to flag what Microsoft feels are undesirable utilities is going to raise a few eyebrows, even if we do believe the intentions are genuine.
 

Spawn

Administrator
Verified
Staff member
Ummmmm is CCleaner actually harmful/greyware? This seems to be a troubling move.

I really want Windows Anti-Malware, not Windows Remove Apps Microsoft Doesn’t Like :D
If Microsoft didn't have PUP/PUA protection, what are the chances users would complain about it? I know some members here would make a field trip out of it.

You're right it is a grey area, just as taking photos of federal buildings.

Majority of PUA detections are subjective (up to the vendor to decide) - just as Malwarebytes flags IObit software (example).

Flagging it as PUA is safer than calling it malware (it's not), just because it may tamper or break the OS. It still may be Potentially Unwanted, again subjective.

Last I checked, PUP/PUA are still optional protections, disabled by default in Antivirus software.
 

Burrito

Level 23
Good move from Microsoft.... I don't trust anymore on CCleaner.

...dabbling in the registry.... and... they have no clue what they are talking about this is understandable.

Yep and Yep.

Go Microsoft go..

I don't believe Microsoft would have done this without a fair amount of empirical data to justify it.

Avast has been a sketchy & skeezy company for a while.

It’s not much farther of a stretch for Microsoft to say that Ubuntu is PUA because attempting to install Ubuntu sometimes will mess up the Windows bootloader.

And what MacDefender said... ^^^ ... is interesting. The notion of Microsoft protecting their operating system is sound. That's why they finally invested in Microsoft Defender.

But that is a very slippery slope...
 

MacDefender

Level 11
Verified
And what MacDefender said... ^^^ ... is interesting. The notion of Microsoft protecting their operating system is sound. That's why they finally invested in Microsoft Defender.
I should clarify that I honestly don’t know enough about CCleaner itself — I haven’t used it personally. I do agree that it sure sounds concerning that Avast owns it, but the Support document Microsoft provided didn’t seem, to me, like they fit the industry bar for when an AV should mark a product as a PUA.

I am just conceptually concerned about this slippery slope, especially when the AV vendor and the OS vendor are one and the same.
 

show-Zi

Level 26
Verified
In most cases, information is omitted and spread. This tendency is particularly strong in Japan, and there is a great possibility that information will be exaggerated more than necessary.
This case is expected to spread in the form of 'Windows detected cCleaner as a virus'.

@Burrito 🤚Hi, it's been a while! How have you been?🖖
 

MacDefender

Level 11
Verified
One of Microsoft's PUA categories is bundling software not developed by the same entity. So if CCleaner is offering to install Chrome it absolutely fits their PUA classification.

  • Bundling software: Software that offers to install other software that is not developed by the same entity or not required for the software to run. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document.
It’s a super broad category the way it is defined. Seems like it would include Chrome including Flash (in the past) or Visual Studio including Python. Software that offers to install other software would mean the Microsoft Store is a PUA.

Of course if we assume Microsoft’s good intentions we understand what these rules are intended to capture but it is really important for the sake of fairness and transparency to not be in this world where large categories of software are against their PUA policy and it’s up to their opaque judgement which to write signatures against.
 

Stopspying

Level 10
This is not the first time that Microsoft have taken action against CCleaner.

"In 2019, Microsoft temporarily banned CCleaner on the Microsoft Community forums that caused links to the program to be censored when posted. This ban was due to Microsoft's general stance that Registry cleaners and system optimizers can do more harm than good on Windows systems."

 

razorfancy

Level 2
Verified
Though I do not use either, I am no fan of any program that does not give me the option to keep whatever it may detect
When Microsoft Defender detects a PUP it doesnt remove that application, it only blocks the access, you can easily unblock it by clicking on that PUP detection notification and select the option to allow it.

Notification:


Options(I use uTorrent as example):
 

SeriousHoax

Level 29
Verified
Malware Tester
We need to understand that Microsoft is not detecting Ccleaner itself as a PUA, it's detecting the installer as so. In my opinion, as long as the bundled software installation is automatically ticked during the installation wizard, I fully support Microsoft's decision to detect every application installer as so. If Ccleaner like applications put the bundled software as an optional download that requires user's permission to be installed then I would be fine. Once I found Avast and IOBit's Advanced System Care installed on my brother's PC and he had no idea that he was using that/how those came to be installed. So, not just Microsoft, every AV should start doing it.
Go Microsoft go..
Yeee Go Burrito go..
 
Top