Add Adware Protection to Windows Defender
Microsoft announced recently that it added additional means of protection against the installation of so-called potentially unwanted applications (PUAs) to Windows Defender but only for Microsoft Enterprise customers.
It is unclear why Microsoft made the feature an Enterprise exclusive as unwanted software installations are likely more of a problem in home and small business environments than in Enterprise environments.
The Potentially Unwanted Application protection feature is available only for enterprise customers. If you are already one of Microsoft's existing enterprise customers, you need to opt-in to enable and use PUA protection.
While Microsoft announced the new feature as an Enterprise exclusive, it did not protect the feature in any way.
This means that home and business users can enable it on their Windows machines as well to block the deployment of adware during software installations.
The PUA protection updates are integrated into the definition updates and cloud protection of Windows Defender.
Enable PUA protection in Windows Defender
Microsoft makes no mention of the versions of Windows that support PUA protection in Windows Defender. We have tested the feature on a Windows 10 Home and a Windows 10 Pro system, and it worked without issues in both of them.
You need to add a Registry key and preference to the Windows Registry to add PUA protection to the system:
- Tap on the Windows-key, type regedit and hit enter. This opens the Windows Registry editor.
- Confirm the UAC prompt if it appears.
- Navigate to the Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
- Right-click on Windows Defender and select New > Key.
- Name that key MpEngine.
- Right-click on MpEngine and select New > Dword (32-bit) Value.
- Name the Dword MpEnablePus.
- Double-click on MpEnablePus and enter the value 1.
- Restart the PC.
Once you have restarted the PC Windows Defender will block potentially unwanted programs from being installed on the system or downloaded if Internet Explorer / Edge are being used.
Please note that it may block the installation of the program and the included offers when it detects potentially unwanted software installers.
Detected files are quarantined so that they won't run. You can allow quarantined items by opening Windows Defender, selecting History, and selecting "allow item" under the "quarantined items" listing.
You can undo the change at any time by setting the newly created Registry Dword to the value 0, or by deleting MpEnablePus instead completely.
A quick test revealed that Windows Defender detects common services such as OpenCandy that are used to distribute potentially unwanted software on systems during installation of other software.
Windows Defender is not the first security program for Windows that protects systems against potentially unwanted software. Applications like Malwarebytes Anti-Malware and many antivirus solutions block these as well.
It is about time that Microsoft has added this very Important feature to Windows Defender!
I am now currently using Linux Mint (17.2) and If Ever I have the need to return to Windows again I will continue to archive all articles pertaining to Windows (10) that I received from this wonderful website: http://www.ghacks.net
I say KEEP Up the fine work, Mr. Brinkmann!
Has Defender ever found anything on your computers? It never found anything on mine. Are you sure it is actually doing something?
According to reports I read on the Web, Windows Defender was updated to remove the new Dell Superfish-like root certificate and plugin before Dell released its own removal tool, so yes, it’s apparently doing something. (My own Windows Defender history is blank, so I’m guessing my other security measures have always beaten it to the the punch … or have been missing the same things, like the Dell System Detect root certificate, which I removed manually after Martin’s recent article on the Root Certificate Checker utility.)
oh yeah does the job if you keep it up to date.the one in Windows 10 is exceptionally strong.
I intentionally downloaded a PS3 emulator for pc to play PS3 games .
Defender flagged it as a Trojan and removed every bit of it without me having to do anything. :)
Shouldn’t that remove Windows?
Hah! SO FUNNY! Trolling Windows-relevant webpages to make snarky comments about Windows! So original.
But really, get a life. Loser.
Why bother getting angry about it. Takes time from your life as well.
Since I’m running on 64-bit Win10, should I pick QWORD (64-bit) instead?
or run CMD as admin and paste:
REG ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine” /v MpEnablePus /t REG_DWORD /d 00000001 /f
then logoff or reboot the PC
FYI, the key does not work on Vista/7 with MSE (which disables Defender).
I even tried altering the reg key to “Microsoft Security Client” instead of “Windows Defender”.
So for now this trick is for Windows 8/8.1/10 only.
I haven’t tried it, but if you were looking to activate it on MSE, you’d actually change “Windows Defender” to “Microsoft Antimalware” NOT “Microsoft Security Client”
It’s not bad for the developers to think of consumers. Anyway, it’s better not to take up too much CPU which can slow down the system speed, like a bad thing called vvv File Extension. I had to take action to stop annoying pop-ups on the desktop, from Google reference: http://blog.doohelp.com/how-to-removeuninstall-vvv-file-extension-virus-permanently/
Someone over at Malwaretips recently tested this and no difference was found with the registry tweak in place.
Look again.. He did the test right this time and it worked :)