Microsoft recently announced that it has added protection against the installation of so-called potentially unwanted applications (PUAs) to Windows Defender, but only for Microsoft Enterprise customers.
It is unclear why Microsoft made the feature an Enterprise exclusive as unwanted software installations are likely more of a problem in home and small business environments than in Enterprise environments.
The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.
While Microsoft announced the new feature as an Enterprise exclusive, it did not protect the feature in any way.
This means that home and business users can enable it on their Windows machines as well to block the deployment of adware during software installations.
The PUA protection updates are integrated into the definition updates and cloud protection of Windows Defender.
Enable PUA protection in Windows Defender
Microsoft makes no mention of the versions of Windows that support PUA protection in Windows Defender. We have tested the feature on a Windows 10 Home and a Windows 10 Pro system, and it worked without issues in both of them.
You need to add a Registry key and preference to the Windows Registry to add PUA protection to the system:
- Tap on the Windows-key, type regedit and hit enter. This opens the Windows Registry editor.
- Confirm the UAC prompt if it appears.
- Navigate to the Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
- Right-click on Windows Defender and select New > Key.
- Name that key MpEngine.
- Right-click on MpEngine and select New > Dword (32-bit) Value.
- Name the Dword MpEnablePus.
- Double-click on MpEnablePus and enter the value 1.
- Restart the PC.
Once you have restarted the PC, Windows Defender will block potentially unwanted programs from being installed on the system, or from being downloaded if Internet Explorer or Edge is used.
Please note that when it detects a potentially unwanted software installer, it may block the installation of the program itself along with the included offers.
Detected files are quarantined so that they won't run. You can allow quarantined items by opening Windows Defender, selecting History, and selecting "allow item" under the "quarantined items" listing.
You can undo the change at any time by setting the newly created Registry Dword to the value 0, or by deleting MpEnablePus entirely.
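The Registry steps above and the undo just described can also be scripted. The following PowerShell is an added example, not code from Microsoft or from the original article. The function name Set-DefenderPuaPolicy and its -Disable switch are made up for this illustration, while the key path and value name are the ones given in the steps.

```powershell
# Added example: scripted form of the manual regedit steps.
# Set-DefenderPuaPolicy and -Disable are illustrative names, not a built-in cmdlet.
function Set-DefenderPuaPolicy {
    [CmdletBinding()]
    param(
        [switch]$Disable   # write 0 instead of 1 (the undo option from the article)
    )

    # HKLM\Software\Policies is only writable from an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    $engineKey = 'HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine'
    $valueName = 'MpEnablePus'
    $desired   = if ($Disable) { 0 } else { 1 }

    # Create the MpEngine subkey only when it is missing, so values that
    # already exist under it are left alone.
    if (-not (Test-Path -Path $engineKey)) {
        New-Item -Path $engineKey -Force | Out-Null
    }

    # Record the previous setting ($null when the value did not exist yet).
    $before = (Get-ItemProperty -Path $engineKey -Name $valueName `
                   -ErrorAction SilentlyContinue).$valueName

    # Create or overwrite the 32-bit DWORD.
    New-ItemProperty -Path $engineKey -Name $valueName -PropertyType DWord `
        -Value $desired -Force | Out-Null

    # Read the value back instead of assuming the write succeeded.
    $after = (Get-ItemProperty -Path $engineKey -Name $valueName).$valueName

    [pscustomobject]@{
        Key     = $engineKey
        Name    = $valueName
        Before  = $before
        After   = $after
        Changed = ($before -ne $after)   # if true, restart the PC as the steps say
    }
}

Set-DefenderPuaPolicy            # enable; use -Disable to set the value back to 0
```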
A quick test revealed that Windows Defender detects common services such as OpenCandy that are used to distribute potentially unwanted software on systems during installation of other software.
Windows Defender is not the first security program for Windows that protects systems against potentially unwanted software. Applications like Malwarebytes Anti-Malware and many antivirus solutions block these as well.