Microsoft flags CCleaner as Potentially Unwanted Application, deletes its files

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Microsoft said “bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact the user experiences. To protect Windows users, Microsoft Defender Antivirus detects CCleaner installers that exhibit this behavior as potentially unwanted applications (PUA)”.
 

jackuars

Level 27
Verified
Top Poster
Well-known
Jul 2, 2014
1,688
Good job, if PUA detection of Windows improves, it will hopefully give a warning to developers to stop bundling their software's with unwanted applications.☠

It's important that PUA detection is turned on automatically by default in Windows, because atleast 70% of Windows users are newbies and are happy clickers when installing softwares. 👻

Many good antivirus suites already include PUA detection, but it's mostly not turned on automatically. However KSC Free allows CCleaner to be installed, by automatically unchecking the bundled offer. Are they using Unchecky in the background? Anyway kudos to Kaspersky for that! ✌
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
So here's the detection from last night.
7.PNG
Just now I downloaded the Ccleaner installer again and this time it's not detected by WD anymore. Because the Ccleaner team made changes to their installer. Nowhere in the initial installer wizard, bundled software installation is mentioned anymore. It's clean and all options are related to Ccleaner only.
1.PNG2.PNG3.PNG
Before it used to be like this:
6.png
Now after the change, the mention of bundled software comes in the second step and clearly asks the user whether they want to install that particular software or not. Just, like I said in one of my previous comment, this behavior is acceptable. As long the user is asked about it, it's ok.
4.PNG
I checked the digital signature timestamp of the latest installer. It is from last night. So Ccleaner made this change last night after the news of detection went public earlier.
5.PNG
I have to say Bravo Microsoft 👏 They decided it's time to be aggressive against such practice and in no time Ccleaner/Avast have learned their lesson. Hopefully this will make Avast to fix this in their Avast AV installer too.
Good job Microsoft 👍
But there are many other software who does this and they aren't gonna change their behavior anytime soon.
Eg: PotPlayer:
8.PNG
One of the reason being PUP protection not enabled by default. If Microsoft do that all of them will be forced to make changes.
 

Chipicao

Level 2
May 17, 2020
88
And now what's next? Avast marked as a PUP?

Should be great and a good move also. Avast is not a good AV Company. I don't trust on them.

I know, there are a lot of people using them. But i don't care... They have a big data, and they sell data from users to 3rd, and guess what... receiving spam when you have Avast Account.. Data Selling!?

I recommend anyone to stay away from Avast / AVG.
 

Julian RO

Level 3
Oct 10, 2019
105
Should be great and a good move also. Avast is not a good AV Company.
I agree. Their AV is bundled in a lot of freeware programs, like uTorrent, aTube Catcher etc.

I would definitely do that because if I'm not wrong then Avast installer comes bundled with Google Chrome so it should be detected as a PUP too if the installation of Chrome is ticked automatically.
Yep, that's right.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I've just updated a handy program Burnaware free, it comes with two click to install additions, Opera, & an unknown protection add-on. Now I know those are there & they keep the program free, I could opt to pay if I chose to - For me the thing is is developer has to make money & I have choices, the check boxes were clear, & as I rarely work for nothing why should the developer?
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
This is just my personal opinion, OneDrive and Cortana, which we do not plan to use, are also close to PUA.
To the extreme, Microsoft and Avast may not be so different in what they are doing.
I thought that about OneDrive until I started using it. And if my wife didn’t use it for work I’d feel that way again haha.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
I thought that about OneDrive until I started using it. And if my wife didn’t use it for work I’d feel that way again haha.
What I thought was that we should be well aware that the PUA definition is Microsoft's intent. In other words, it is not the user who judged "undesirable".

I don't think the Windows update that causes failure or trouble is a "desirable" application.:censored:
 
May 14, 2020
62
The future doesn't look good for other companies such as iOBIT :):):)
The future never looked good for iOBit especially after that Malwarebytes debacle...

I think like some people here, that Microsoft should be more aggressive about PUPs, but not go so far as to block every single app that Microsoft doesn't like, there should be a balance, and that balance is difficult to achieve, because no matter what you do, which direction you choose to go down, there always will be people criticizing your decisions, like if Defender starts detecting Avast Antivirus as a PUP, some people will think that this is a good move by Microsoft, not only was Avast bundling software but the company itself is very shady. And then there is the people that are at the complete opposite of the spectrum, maybe they use or likeAvast AV and they don't Defender to flag it. So I think personally that Microsoft is starting go down the right path with Defender and PUP protection.
 

ChoiceVoice

Level 6
Verified
Oct 10, 2014
280
microsoft is on the pathway to being sued for abuse of monopoly. this happened before with IE. likewise, you can't have a built-in antivirus that flags non-malicious software that microsoft deems "unwanted". think about it, it is a built-in AV, meaning that it is essentially the windows operating system that is picking and choosing what will be allowed to run. they are unwittingly gaming their operating system to ban targeted software companies. and in the case of ccleaner, it is a software competitor that has a rival antivirus. it will be interesting to see how this develops in the future and whether someone will take on that juggernaut as netscape navigator did.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
This is just my personal opinion, OneDrive and Cortana, which we do not plan to use, are also close to PUA.
To the extreme, Microsoft and Avast may not be so different in what they are doing.
Neither tamper with the Registry nor intentionally make the OS less stable.

Both are first party services by Microsoft, not a sponsored deal between 2 parties.

Also, Cortana has moved away from the Desktop environment and towards Microsoft 365. On Google Android and iOS, their Assistants are dominant.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top