Potentially unwanted applications (PUAs) are software apps whose behavior borders on malicious activity. This can include displaying unwanted advertising when you search for specific terms, redirecting your browser home page, secretly using your computer for crypto mining, or installing unwanted browser plugins. Microsoft has built PUA blocking into Windows 10 and 11. Admins can manage this feature using PowerShell or Group Policy.

PUA protection has been available in Windows 10 and 11 since the Windows 10 May 2020 update. While it is a reputation-based solution that is part of Windows Defender, it does not require an Enterprise Windows Defender solution, such as Windows Defender ATP or Enterprise.

potentially unwanted apps are greyware that is generally unwanted


PUAs can lead to more malicious software. Due to unwanted settings or software introduced by PUAs, malicious software, such as ransomware, can have an easy doorway into the environment on a PUA-compromised workstation.

Enabling potentially unwanted apps protection

The process of enabling PUA protection in Windows is straightforward. The relevant setting can be found under Update & Security > Windows Security > App & browser control.

Enabling app and browser control


You will see Reputation-based protection. Click the Turn on button.

Enabling reputation-based protection

After you turn on the setting, click Reputation-based protection settings.

Viewing reputation-based protection settings

Below are the reputation-based settings available once the service is configured:

Reputation-based settings that can be enabled and disabled

After you enable reputation-based protection, the corresponding setting in Microsoft Edge Chromium will automatically be turned on.

Block potentially unwanted apps in Edge

Enabling PUA protection using PowerShell

To control PUA protection using PowerShell, you can use the cmdlets below to enable, audit, disable, and view events.

To enable PUA protection:

Set-MpPreference -PUAProtection Enabled

To set PUA protection to audit mode, which detects PUAs without blocking them:

Set-MpPreference -PUAProtection AuditMode

To disable PUA protection:

Set-MpPreference -PUAProtection Disabled

To view the threats Microsoft Defender has detected, which include those handled by PUA protection:

Get-MpThreat
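
The cmdlets above can be combined into a read-only check, which is useful while a machine is in audit mode. This is an added example, not code from the original article: the function names Get-PuaStatus, Get-PuaDetection and Get-PuaEvent are hypothetical, the 'PUA*' threat-name filter is an assumption about how Defender names PUA detections, and event ID 1160 is the ID Microsoft's documentation gives for PUA events.

```powershell
# Added example, not from the original article. Read-only: changes no settings.
# Assumes an elevated session with the Defender module (Windows 10/11).

function Get-PuaStatus {
    # Get-MpPreference reports PUAProtection as a number:
    # 0 = Disabled, 1 = Enabled, 2 = AuditMode.
    $names = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $value = [int](Get-MpPreference).PUAProtection
    $mode  = if ($names.ContainsKey($value)) { $names[$value] } else { "Unknown ($value)" }
    [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; PUAProtection = $mode }
}

function Get-PuaDetection {
    # Assumption: PUA detections have a threat name starting with "PUA".
    # Get-MpThreat itself returns every threat type, not only PUAs.
    $puaThreats = @(Get-MpThreat | Where-Object { $_.ThreatName -like 'PUA*' })
    if ($puaThreats.Count -eq 0) { return }

    # Index threat names by ID so each detection record can be labelled.
    $nameById = @{}
    foreach ($t in $puaThreats) { $nameById[[string]$t.ThreatID] = $t.ThreatName }

    Get-MpThreatDetection |
        Where-Object { $nameById.ContainsKey([string]$_.ThreatID) } |
        Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                ThreatName = $nameById[[string]$_.ThreatID]
                Resources  = $_.Resources -join '; '
                User       = $_.DomainUser
            }
        }
}

function Get-PuaEvent {
    # Event ID 1160 in the Defender operational log records PUA detections.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1160
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-PuaStatus    | Format-List
Get-PuaDetection | Format-Table -AutoSize -Wrap
Get-PuaEvent     | Format-List
```

Reviewing this output during an audit-mode period shows which applications would be blocked before PUA protection is switched to Enabled.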

Managing potentially unwanted apps protection using Group Policy

Group Policy can be used to roll out uniform PUA protection across many desktops. To configure the Windows Defender PUA settings using Group Policy, you need the Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2) (or later versions) to have the configuration available.

Download and extract the policy settings, and copy them to your Central Store in Active Directory. Now, you can configure the setting Configure detection for potentially unwanted applications, which you can find at Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus. The options are as follows:

  • Not configured
  • Enabled
  • Disabled

Configuring the Potentially Unwanted Apps settings using Group Policy

Using Group Policy, organizations can apply PUA settings granularly across an organization and implement the settings quickly and easily.

Wrapping up

Microsoft has increasingly added security features "in-the-box" with Windows Defender in Windows 10 and 11. With reputation-based protection turned on, Windows Defender can check apps and files, apply SmartScreen for Microsoft Edge, block potentially unwanted apps, and use SmartScreen for Microsoft Store apps.


It is a simple setting to implement, and it can yield significant returns across an organization's client base by helping to mitigate the risk of PUAs in the enterprise.

3 Comments
  1. SteveA 4 months ago

    It would have been helpful to give the path of the group policy settings.

  2. SteveA 4 months ago

    The screenshot has a different setting than what is highlighted.

  3. Michael Pietroforte 4 months ago

    Steve, thank you for the hint. We replaced the screenshot. The location of the setting is Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.


© 4sysops 2006 - 2022
