PUA protection has been available in Windows 10 and 11 since the Windows 10 May 2020 update. While it is a reputation-based solution that is part of Windows Defender, it does not require an Enterprise Windows Defender solution, such as Windows Defender ATP or Enterprise.
PUAs can lead to more malicious software. Unwanted settings or software introduced by PUAs can give malicious software, such as ransomware, an easy doorway into the environment through a PUA-compromised workstation.
Enabling potentially unwanted apps protection
The process of enabling PUA protection in Windows is straightforward. The relevant setting can be found under Update & Security > Windows Security > App & browser control.
You will see Reputation-based protection. Click the Turn on button.
After you turn on the setting, click Reputation-based protection settings.
Below are the reputation-based settings available once the service is configured:
After you enable reputation-based protection, the corresponding setting in Microsoft Edge Chromium will automatically be turned on.
Enabling PUA protection using PowerShell
To control PUA protection using PowerShell, you can use the cmdlets below to enable, audit, disable, and view events.
To enable PUA protection:
Set-MpPreference -PUAProtection Enabled
To set PUA protection to audit mode, which detects PUAs without blocking them:
Set-MpPreference -PUAProtection AuditMode
To disable PUA protection:
Set-MpPreference -PUAProtection Disabled
To view threats processed by PUA protection:
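The following script is an added example, not taken from the original article. It reports the PUA protection mode configured with Set-MpPreference and lists PUA detections from Get-MpThreat and the Defender operational event log. The "PUA:" threat-name prefix, event ID 1160, and the 30-day lookback are assumptions of this example and do not appear in the article.

```powershell
# Added example: report the PUA protection mode and recent PUA detections.
# Run in an elevated PowerShell session on a host running Microsoft Defender Antivirus.

# Get-MpPreference returns PUAProtection as a number:
# 0 = Disabled, 1 = Enabled (block), 2 = AuditMode (detect only).
$modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode (detect only)' }
$mode = [int](Get-MpPreference).PUAProtection
$modeName = if ($modeNames.ContainsKey($mode)) { $modeNames[$mode] } else { "Unknown ($mode)" }
Write-Output "PUA protection mode: $modeName"

if ($mode -ne 1) {
    Write-Warning 'PUA protection is not in block mode on this machine.'
}

# Threats Defender has processed. PUA detections are named with a "PUA:" prefix
# (assumption of this example).
$puaThreats = @(Get-MpThreat | Where-Object { $_.ThreatName -like 'PUA:*' })
Write-Output "PUA threats processed: $($puaThreats.Count)"
$puaThreats |
    Select-Object ThreatID, ThreatName, SeverityID, IsActive, Resources |
    Format-List

# PUA detections in the Defender operational log (event ID 1160).
# The 30-day window is an arbitrary value chosen for this example.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1160
    StartTime = (Get-Date).AddDays(-30)
}
# Get-WinEvent raises an error when nothing matches, so suppress it and
# treat "no events" as an empty result.
$puaEvents = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
Write-Output "PUA events in the last 30 days: $($puaEvents.Count)"
$puaEvents |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

In audit mode the detections still appear in this output even though nothing was blocked, which makes the script useful for reviewing impact before switching to Enabled.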
Managing potentially unwanted apps protection using Group Policy
Group Policy can be used to roll out uniform PUA protection across many desktops. To configure the Windows Defender PUA settings using Group Policy, you need the Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2) (or later versions) to have the configuration available.
Download and extract the policy settings, and copy them to your Central Store in Active Directory. Now, you can configure the setting Configure detection for potentially unwanted applications. The options are as follows:
- Not configured
Using Group Policy, organizations can apply PUA settings granularly across an organization and implement the settings quickly and easily.
Wrapping up
Microsoft has increasingly added security features "in-the-box" with Windows Defender in Windows 10 and 11. With reputation-based protection turned on, Windows Defender can check apps and files, apply SmartScreen for Microsoft Edge, block potentially unwanted apps, and use SmartScreen for Microsoft Store apps.
It is a simple setting to implement, and it can yield significant returns across an organization's client base by helping to mitigate the risk of PUAs in the enterprise.