PUA protection has been available in Windows 10 and 11 since the Windows 10 May 2020 update. Although it is a reputation-based feature of Windows Defender, it does not require an enterprise Windows Defender solution, such as Windows Defender ATP or Enterprise.
PUAs can open the door to more malicious software. The unwanted settings or software they introduce can give malware, such as ransomware, an easy entry point into the environment through a PUA-compromised workstation.
Enabling potentially unwanted apps protection
The process of enabling PUA protection in Windows is straightforward. The relevant setting can be found under Updates & Security > Windows Security > App & browser control.
You will see Reputation-based protection. Click the Turn on button.
After you turn on the setting, click Reputation-based protection settings.
Below are the reputation-based settings available once the service is configured:
After you enable reputation-based protection, the corresponding setting in Microsoft Edge Chromium will automatically be turned on.
Enabling PUA protection using PowerShell
To control PUA protection using PowerShell, you can use the cmdlets below to enable, audit, disable, and view events.
To enable PUA protection:
Set-MpPreference -PUAProtection Enabled
To set PUA protection to audit mode, which detects PUAs without blocking them:
Set-MpPreference -PUAProtection AuditMode
To disable PUA protection:
Set-MpPreference -PUAProtection Disabled
To view threats processed by PUA protection:
Get-MpThreat
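The cmdlets above set or read the state one machine at a time. The following script is an added example, not from the original article, that combines them into a small compliance check: it reads the PUAProtection value from Get-MpPreference, maps it to its name, flags machines that are not in Block mode, and lists the PUA detections Defender has already recorded. It assumes PowerShell remoting (WinRM) is enabled on the remote machines; the computer names PC01 and PC02 are constructed placeholders.

```powershell
# Added example (not from the original article): audit PUA protection state
# across machines and list recorded PUA detections.
# Assumes WinRM remoting is enabled and the Defender module is available.

# Numeric values returned by (Get-MpPreference).PUAProtection
$PUAStates = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

function Get-PUAStatus {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    $script = {
        $pref = Get-MpPreference
        # Defender prefixes PUA detection names with 'PUA:', e.g. PUA:Win32/...
        $pua = Get-MpThreat | Where-Object { $_.ThreatName -like 'PUA:*' }
        [pscustomobject]@{
            PUAProtection = [int]$pref.PUAProtection
            PUADetections = @($pua | Select-Object -ExpandProperty ThreatName)
        }
    }

    foreach ($computer in $ComputerName) {
        $result = if ($computer -eq $env:COMPUTERNAME) {
            & $script
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $script
        }
        [pscustomobject]@{
            ComputerName  = $computer
            PUAProtection = $PUAStates[[int]$result.PUAProtection]
            # Policy for this check: PUAs must be blocked, so AuditMode is non-compliant
            Compliant     = ([int]$result.PUAProtection -eq 1)
            PUADetections = $result.PUADetections -join '; '
        }
    }
}

# Report machines that are not blocking PUAs (placeholder names)
Get-PUAStatus -ComputerName 'PC01', 'PC02' |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize

# Remediate the local machine if it is not already in Block mode
if ((Get-MpPreference).PUAProtection -ne 1) {
    Set-MpPreference -PUAProtection Enabled
}
```

Running in AuditMode first and reviewing the PUADetections column shows what would be blocked before switching a fleet to Enabled.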
Managing potentially unwanted apps protection using Group Policy
Group Policy can be used to roll out uniform PUA protection across many desktops. To configure the Windows Defender PUA settings using Group Policy, you need the Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2) (or later versions) to have the configuration available.
Download and extract the policy settings, and copy them to your Central Store in Active Directory. Now you can configure the setting Configure detection for potentially unwanted applications, which you can find at Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
The options are as follows:
- Not configured
- Enabled
- Disabled
Using Group Policy, organizations can apply PUA settings granularly across an organization and implement the settings quickly and easily.
Wrapping up
Microsoft has increasingly added security features "in-the-box" with Windows Defender in Windows 10 and 11. With reputation-based protection turned on, Windows Defender can check apps and files, apply SmartScreen for Microsoft Edge, block potentially unwanted apps, and use SmartScreen for Microsoft Store apps.
It is a simple setting to implement, and it can deliver significant returns across an organization's client base by helping to mitigate the risk of PUAs in the enterprise.
It would have been helpful to give the path of the group policy settings.
The screenshot has a different setting than what is highlighted.
Steve, thank you for the hint. We replaced the screenshot. The location of the setting is Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
Is there an actual list of what Microsoft thinks are unwanted programs?