One of the latest additions to Windows Defender Antivirus' arsenal of protection tools blocks potentially unwanted programs, short PUPs, from landing on the system or being installed on Windows PCs.
Note: Potentially Unwanted Programs (PUPs) and Potentially Unwanted Applications (PUAs) refer to the same type of potentially unwanted software.
Microsoft improved the defensive capabilities of the built-in antivirus and security tool Windows Defender significantly for Windows 10.
The company added features such as Windows Defender System Guard and Application Guard, Network protection, Controlled Folder Access, or Exploit protection in recent years to the tool. Microsoft even published Windows Defender Browser Protection for Google Chrome.
Some features are reserved for Enterprise editions of Windows 10 but some are also available in Home editions.
Windows Defender may block potentially unwanted programs from being downloaded or installed on Windows 10 systems. The feature is not enabled by default and can only be enabled using PowerShell, InTune, or System Center.
Potentially Unwanted Programs are not classified as malware usually; these programs may come as extra installation offers during software installations on a Windows PC or as standalone programs that don't provide a lot of value, if at all.
Microsoft gives the following examples of typical PUA (Potentially Unwanted Applications):
Windows Defender Antivirus does not block potentially unwanted programs by default. You can check the protection on Microsoft's Demo Scenario site to test a system's protection against various threats.
Just click on the link under Scenario to test the protection. This should work with Windows Defender and other antivirus software installed provided that they are configured to block PUPs.
The protection works in the following cases:
Windows Defender Antivirus places files identified as PUP in the Quarantine. Users are informed about the identification of PUPs on the system similar to how they are informed about other threats detected by Windows Defender.
Admins and users can check the Windows Event Viewer for event ID 1160 as potentially unwanted program events are recorded under it.
Note that the following instructions apply to Windows 10 only and that you need elevated rights to make the change.
Nothing is returned when you run the command. You can run the command Get-MpPreference to check the status of preferences of Windows Defender Antivirus. Find PUAProtection and make sure it is set to 1 (which means that it is enabled).
Tip: You can disable the protection again at a later point in time by running the command Set-MpPreference -PUAProtection Disabled. It is furthermore possible to set the feature to audit mode. Audit mode records events but won't interfere (read block) potentially unwanted programs. To set audit mode run MpPreference -PUAProtection AuditMode.
I recommend that you run the test scenario that Microsoft published to the demo site linked above to make sure the protection is enabled correctly.
Admins who work with Microsoft Intune or System Center Configuration Manager find instructions on enabling the Potentially Unwanted Applications protection of Windows Defender Antivirus on Microsoft's Doc website.
Detected PUAs are moved to the Quarantine of Windows Defender automatically. It happens that you want to keep a program that Windows Defender identified as a PUA.
You can restore any program that Windows Defender put into Quarantine and potentially unwanted programs are no exception to that.
Windows Defender restores the file to its original location, e.g. the Downloads folder. You should be able to run it from there then without any issues.
Now You: Do you run antivirus software with PUP protection? (via Windows Central)Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.