Add Adware Protection to Windows Defender - gHacks Tech News

Add Adware Protection to Windows Defender

Microsoft announced recently that it added additional means of protection against the installation of so-called potentially unwanted applications (PUAs) to Windows Defender but only for Microsoft Enterprise customers.

It is unclear why Microsoft made the feature an Enterprise exclusive as unwanted software installations are likely more of a problem in home and small business environments than in Enterprise environments.

The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.

While Microsoft announced the new feature as an Enterprise exclusive, it did not protect the feature in any way.

This means that home and business users can enable it on their Windows machines as well to block the deployment of adware during software installations.

The PUA protection updates are integrated into the definition updates and cloud protection of Windows Defender.

Enable PUA protection in Windows Defender

windows defender adware

Microsoft makes no mention of the versions of Windows that support PUA protection in Windows Defender. We have tested the feature on a Windows 10 Home and a Windows 10 Pro system, and it worked without issues in both of them.

You need to add a Registry key and preference to the Windows Registry to add PUA protection to the system:

  1. Tap on the Windows-key, type regedit and hit enter. This opens the Windows Registry editor.
  2. Confirm the UAC prompt if it appears.
  3. Navigate to the Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
  4. Right-click on Windows Defender and select New > Key.
  5. Name that key MpEngine.
  6. Right-click on MpEngine and select New > Dword (32-bit) Value.
  7. Name the Dword MpEnablePus.
  8. Double-click on MpEnablePus and enter the value 1.
  9. Restart the PC.

Once you have restarted the PC Windows Defender will block potentially unwanted programs from being installed on the system or downloaded if Internet Explorer / Edge are being used.

windows defender anti pua

Please note that it may block the installation of the program and the included offers when it detects potentially unwanted software installers.

Detected files are quarantined so that they won't run. You can allow quarantined items by opening Windows Defender, selecting History, and selecting "allow item" under the "quarantined items" listing.

You can undo the change at any time by setting the newly created Registry Dword to the value 0, or by deleting MpEnablePus instead completely.

A quick test revealed that Windows Defender detects common services such as OpenCandy that are used to distribute potentially unwanted software on systems during installation of other software.

Windows Defender is not the first security program for Windows that protects systems against potentially unwanted software. Applications like Malwarebytes Anti-Malware and many antivirus solutions block these as well.

Summary
Add Adware Protection to Windows Defender
Article Name
Add Adware Protection to Windows Defender
Description
Find out how to add adware protection to Microsoft's Windows Defender application.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. intelligencia said on November 30, 2015 at 8:44 pm
    Reply

    Thanks, Mate!

    It is about time that Microsoft has added this very Important feature to Windows Defender!

    I am now currently using Linux Mint (17.2) and If Ever I have the need to return to Windows again I will continue to archive all articles pertaining to Windows (10) that I received from this wonderful website: http://www.ghacks.net
    I say KEEP Up the fine work, Mr. Brinkmann!

    i

  2. Dwight Stegall said on December 1, 2015 at 8:00 am
    Reply

    Has Defender ever found anything on your computers? It never found anything on mine. Are you sure it is actually doing something?

    1. A different Martin said on December 1, 2015 at 5:36 pm
      Reply

      According to reports I read on the Web, Windows Defender was updated to remove the new Dell Superfish-like root certificate and plugin before Dell released its own removal tool, so yes, it’s apparently doing something. (My own Windows Defender history is blank, so I’m guessing my other security measures have always beaten it to the the punch … or have been missing the same things, like the Dell System Detect root certificate, which I removed manually after Martin’s recent article on the Root Certificate Checker utility.)

    2. Matt said on December 21, 2015 at 3:03 am
      Reply

      oh yeah does the job if you keep it up to date.the one in Windows 10 is exceptionally strong.
      I intentionally downloaded a PS3 emulator for pc to play PS3 games .
      Defender flagged it as a Trojan and removed every bit of it without me having to do anything. :)

  3. John said on December 1, 2015 at 6:36 pm
    Reply

    Shouldn’t that remove Windows?

    1. George_Spelvin said on December 8, 2015 at 6:32 pm
      Reply

      Hah! SO FUNNY! Trolling Windows-relevant webpages to make snarky comments about Windows! So original.

      But really, get a life. Loser.

      1. Jacob Lageveen said on December 15, 2015 at 5:55 am
        Reply

        Why bother getting angry about it. Takes time from your life as well.

  4. David said on December 2, 2015 at 1:54 pm
    Reply

    Since I’m running on 64-bit Win10, should I pick QWORD (64-bit) instead?

    1. Martin Brinkmann said on December 2, 2015 at 2:00 pm
      Reply

      No.

  5. Anon said on December 3, 2015 at 12:08 am
    Reply

    or run CMD as admin and paste:
    REG ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine” /v MpEnablePus /t REG_DWORD /d 00000001 /f

    then logoff or reboot the PC

  6. Anon said on December 3, 2015 at 1:34 am
    Reply

    FYI, the key does not work on Vista/7 with MSE (which disables Defender).

    I even tried altering the reg key to “Microsoft Security Client” instead of “Windows Defender”.

    So for now this trick is for Windows 8/8.1/10 only.

    1. Flux said on January 2, 2016 at 5:13 am
      Reply

      I haven’t tried it, but if you were looking to activate it on MSE, you’d actually change “Windows Defender” to “Microsoft Antimalware” NOT “Microsoft Security Client”

  7. EasonB said on December 18, 2015 at 5:25 am
    Reply

    It’s not bad for the developers to think of consumers. Anyway, it’s better not to take up too much CPU which can slow down the system speed, like a bad thing called vvv File Extension. I had to take action to stop annoying pop-ups on the desktop, from Google reference: http://blog.doohelp.com/how-to-removeuninstall-vvv-file-extension-virus-permanently/

  8. Peter said on February 28, 2016 at 3:24 pm
    Reply

    Someone over at Malwaretips recently tested this and no difference was found with the registry tweak in place.
    https://malwaretips.com/threads/windows-defender-pup-registry-tweak-tested.56740/

    1. Midniteoyl said on March 19, 2016 at 7:21 pm
      Reply

      Look again.. He did the test right this time and it worked :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.