Add Adware Protection to Windows Defender

Microsoft announced recently that it added additional means of protection against the installation of so-called potentially unwanted applications (PUAs) to Windows Defender but only for Microsoft Enterprise customers.

It is unclear why Microsoft made the feature an Enterprise exclusive as unwanted software installations are likely more of a problem in home and small business environments than in Enterprise environments.

The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.

While Microsoft announced the new feature as an Enterprise exclusive, it did not protect the feature in any way.

This means that home and business users can enable it on their Windows machines as well to block the deployment of adware during software installations.

The PUA protection updates are integrated into the definition updates and cloud protection of Windows Defender.

Enable PUA protection in Windows Defender

windows defender adware

Microsoft makes no mention of the versions of Windows that support PUA protection in Windows Defender. We have tested the feature on a Windows 10 Home and a Windows 10 Pro system, and it worked without issues in both of them.



You need to add a Registry key and preference to the Windows Registry to add PUA protection to the system:

  1. Tap on the Windows-key, type regedit and hit enter. This opens the Windows Registry editor.
  2. Confirm the UAC prompt if it appears.
  3. Navigate to the Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
  4. Right-click on Windows Defender and select New > Key.
  5. Name that key MpEngine.
  6. Right-click on MpEngine and select New > Dword (32-bit) Value.
  7. Name the Dword MpEnablePus.
  8. Double-click on MpEnablePus and enter the value 1.
  9. Restart the PC.
Read also:  Windows 10 Social Update? My People and Gmail experience in latest Insider build

Once you have restarted the PC Windows Defender will block potentially unwanted programs from being installed on the system or downloaded if Internet Explorer / Edge are being used.

windows defender anti pua

Please note that it may block the installation of the program and the included offers when it detects potentially unwanted software installers.

Detected files are quarantined so that they won't run. You can allow quarantined items by opening Windows Defender, selecting History, and selecting "allow item" under the "quarantined items" listing.

You can undo the change at any time by setting the newly created Registry Dword to the value 0, or by deleting MpEnablePus instead completely.

A quick test revealed that Windows Defender detects common services such as OpenCandy that are used to distribute potentially unwanted software on systems during installation of other software.

Windows Defender is not the first security program for Windows that protects systems against potentially unwanted software. Applications like Malwarebytes Anti-Malware and many antivirus solutions block these as well.

Summary
Article Name
Add Adware Protection to Windows Defender
Description
Find out how to add adware protection to Microsoft's Windows Defender application.
Author

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Add Adware Protection to Windows Defender

  1. intelligencia November 30, 2015 at 8:44 pm #

    Thanks, Mate!

    It is about time that Microsoft has added this very Important feature to Windows Defender!

    I am now currently using Linux Mint (17.2) and If Ever I have the need to return to Windows again I will continue to archive all articles pertaining to Windows (10) that I received from this wonderful website: http://www.ghacks.net
    I say KEEP Up the fine work, Mr. Brinkmann!

    i

  2. Dwight Stegall December 1, 2015 at 8:00 am #

    Has Defender ever found anything on your computers? It never found anything on mine. Are you sure it is actually doing something?

    • A different Martin December 1, 2015 at 5:36 pm #

      According to reports I read on the Web, Windows Defender was updated to remove the new Dell Superfish-like root certificate and plugin before Dell released its own removal tool, so yes, it's apparently doing something. (My own Windows Defender history is blank, so I'm guessing my other security measures have always beaten it to the the punch ... or have been missing the same things, like the Dell System Detect root certificate, which I removed manually after Martin's recent article on the Root Certificate Checker utility.)

    • Matt December 21, 2015 at 3:03 am #

      oh yeah does the job if you keep it up to date.the one in Windows 10 is exceptionally strong.
      I intentionally downloaded a PS3 emulator for pc to play PS3 games .
      Defender flagged it as a Trojan and removed every bit of it without me having to do anything. :)

  3. John December 1, 2015 at 6:36 pm #

    Shouldn't that remove Windows?

    • George_Spelvin December 8, 2015 at 6:32 pm #

      Hah! SO FUNNY! Trolling Windows-relevant webpages to make snarky comments about Windows! So original.

      But really, get a life. Loser.

      • Jacob Lageveen December 15, 2015 at 5:55 am #

        Why bother getting angry about it. Takes time from your life as well.

  4. David December 2, 2015 at 1:54 pm #

    Since I'm running on 64-bit Win10, should I pick QWORD (64-bit) instead?

  5. Anon December 3, 2015 at 12:08 am #

    or run CMD as admin and paste:
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v MpEnablePus /t REG_DWORD /d 00000001 /f

    then logoff or reboot the PC

  6. Anon December 3, 2015 at 1:34 am #

    FYI, the key does not work on Vista/7 with MSE (which disables Defender).

    I even tried altering the reg key to "Microsoft Security Client" instead of "Windows Defender".

    So for now this trick is for Windows 8/8.1/10 only.

    • Flux January 2, 2016 at 5:13 am #

      I haven't tried it, but if you were looking to activate it on MSE, you'd actually change "Windows Defender" to "Microsoft Antimalware" NOT "Microsoft Security Client"

  7. EasonB December 18, 2015 at 5:25 am #

    It's not bad for the developers to think of consumers. Anyway, it's better not to take up too much CPU which can slow down the system speed, like a bad thing called vvv File Extension. I had to take action to stop annoying pop-ups on the desktop, from Google reference: http://blog.doohelp.com/how-to-removeuninstall-vvv-file-extension-virus-permanently/

  8. Peter February 28, 2016 at 3:24 pm #

    Someone over at Malwaretips recently tested this and no difference was found with the registry tweak in place.
    https://malwaretips.com/threads/windows-defender-pup-registry-tweak-tested.56740/

    • Midniteoyl March 19, 2016 at 7:21 pm #

      Look again.. He did the test right this time and it worked :)

Leave a Reply