Add Adware Protection to Windows Defender

Martin Brinkmann
Nov 30, 2015
Windows
|
15

Microsoft announced recently that it added additional means of protection against the installation of so-called potentially unwanted applications (PUAs) to Windows Defender but only for Microsoft Enterprise customers.

It is unclear why Microsoft made the feature an Enterprise exclusive as unwanted software installations are likely more of a problem in home and small business environments than in Enterprise environments.

The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.

While Microsoft announced the new feature as an Enterprise exclusive, it did not protect the feature in any way.

This means that home and business users can enable it on their Windows machines as well to block the deployment of adware during software installations.

The PUA protection updates are integrated into the definition updates and cloud protection of Windows Defender.

Enable PUA protection in Windows Defender

windows defender adware

Microsoft makes no mention of the versions of Windows that support PUA protection in Windows Defender. We have tested the feature on a Windows 10 Home and a Windows 10 Pro system, and it worked without issues in both of them.

You need to add a Registry key and preference to the Windows Registry to add PUA protection to the system:

  1. Tap on the Windows-key, type regedit and hit enter. This opens the Windows Registry editor.
  2. Confirm the UAC prompt if it appears.
  3. Navigate to the Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
  4. Right-click on Windows Defender and select New > Key.
  5. Name that key MpEngine.
  6. Right-click on MpEngine and select New > Dword (32-bit) Value.
  7. Name the Dword MpEnablePus.
  8. Double-click on MpEnablePus and enter the value 1.
  9. Restart the PC.

Once you have restarted the PC Windows Defender will block potentially unwanted programs from being installed on the system or downloaded if Internet Explorer / Edge are being used.

windows defender anti pua

Please note that it may block the installation of the program and the included offers when it detects potentially unwanted software installers.

Detected files are quarantined so that they won't run. You can allow quarantined items by opening Windows Defender, selecting History, and selecting "allow item" under the "quarantined items" listing.

You can undo the change at any time by setting the newly created Registry Dword to the value 0, or by deleting MpEnablePus instead completely.

A quick test revealed that Windows Defender detects common services such as OpenCandy that are used to distribute potentially unwanted software on systems during installation of other software.

Windows Defender is not the first security program for Windows that protects systems against potentially unwanted software. Applications like Malwarebytes Anti-Malware and many antivirus solutions block these as well.

Summary
Add Adware Protection to Windows Defender
Article Name
Add Adware Protection to Windows Defender
Description
Find out how to add adware protection to Microsoft's Windows Defender application.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Peter said on February 28, 2016 at 3:24 pm
    Reply

    Someone over at Malwaretips recently tested this and no difference was found with the registry tweak in place.
    https://malwaretips.com/threads/windows-defender-pup-registry-tweak-tested.56740/

    1. Midniteoyl said on March 19, 2016 at 7:21 pm
      Reply

      Look again.. He did the test right this time and it worked :)

  2. EasonB said on December 18, 2015 at 5:25 am
    Reply

    It’s not bad for the developers to think of consumers. Anyway, it’s better not to take up too much CPU which can slow down the system speed, like a bad thing called vvv File Extension. I had to take action to stop annoying pop-ups on the desktop, from Google reference: http://blog.doohelp.com/how-to-removeuninstall-vvv-file-extension-virus-permanently/

  3. Anon said on December 3, 2015 at 1:34 am
    Reply

    FYI, the key does not work on Vista/7 with MSE (which disables Defender).

    I even tried altering the reg key to “Microsoft Security Client” instead of “Windows Defender”.

    So for now this trick is for Windows 8/8.1/10 only.

    1. Flux said on January 2, 2016 at 5:13 am
      Reply

      I haven’t tried it, but if you were looking to activate it on MSE, you’d actually change “Windows Defender” to “Microsoft Antimalware” NOT “Microsoft Security Client”

  4. Anon said on December 3, 2015 at 12:08 am
    Reply

    or run CMD as admin and paste:
    REG ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine” /v MpEnablePus /t REG_DWORD /d 00000001 /f

    then logoff or reboot the PC

  5. David said on December 2, 2015 at 1:54 pm
    Reply

    Since I’m running on 64-bit Win10, should I pick QWORD (64-bit) instead?

    1. Martin Brinkmann said on December 2, 2015 at 2:00 pm
      Reply

      No.

  6. John said on December 1, 2015 at 6:36 pm
    Reply

    Shouldn’t that remove Windows?

    1. George_Spelvin said on December 8, 2015 at 6:32 pm
      Reply

      Hah! SO FUNNY! Trolling Windows-relevant webpages to make snarky comments about Windows! So original.

      But really, get a life. Loser.

      1. Jacob Lageveen said on December 15, 2015 at 5:55 am
        Reply

        Why bother getting angry about it. Takes time from your life as well.

  7. Dwight Stegall said on December 1, 2015 at 8:00 am
    Reply

    Has Defender ever found anything on your computers? It never found anything on mine. Are you sure it is actually doing something?

    1. Matt said on December 21, 2015 at 3:03 am
      Reply

      oh yeah does the job if you keep it up to date.the one in Windows 10 is exceptionally strong.
      I intentionally downloaded a PS3 emulator for pc to play PS3 games .
      Defender flagged it as a Trojan and removed every bit of it without me having to do anything. :)

    2. A different Martin said on December 1, 2015 at 5:36 pm
      Reply

      According to reports I read on the Web, Windows Defender was updated to remove the new Dell Superfish-like root certificate and plugin before Dell released its own removal tool, so yes, it’s apparently doing something. (My own Windows Defender history is blank, so I’m guessing my other security measures have always beaten it to the the punch … or have been missing the same things, like the Dell System Detect root certificate, which I removed manually after Martin’s recent article on the Root Certificate Checker utility.)

  8. intelligencia said on November 30, 2015 at 8:44 pm
    Reply

    Thanks, Mate!

    It is about time that Microsoft has added this very Important feature to Windows Defender!

    I am now currently using Linux Mint (17.2) and If Ever I have the need to return to Windows again I will continue to archive all articles pertaining to Windows (10) that I received from this wonderful website: http://www.ghacks.net
    I say KEEP Up the fine work, Mr. Brinkmann!

    i

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.