Enable protection from unwanted programs with Windows Defender
One of the latest additions to the arsenal of protection tools, Windows Defender Antivirus blocks potentially unwanted programs.
Potentially Unwanted Programs (PUPs) and Potentially Unwanted Applications (PUAs) refer to the same type of potentially unwanted software.
Microsoft has greatly improved the defensive capabilities of Windows Defender's built-in antivirus and security tool Windows 10.
The company has added features such as Windows Defender System Guard and Application Guard, Network Protection, Controlled Folder Access, or Vulnerability Protection to the tool in recent years. Microsoft has even released Windows Defender Browser Protection for Google Chrome.
Some features are reserved for the Enterprise editions of Windows 10. But some are also available in the Home editions.
Windows Defender PUP Protection
Windows Defender can block the download or installation of potentially unwanted programs on Windows 10 systems. The feature is not enabled by default and can only be enabled through PowerShell, InTune, or System Center.
Potentially unwanted programs are generally not classified as malware. These programs can be provided as additional installation offerings when installing software on a Windows PC or as standalone programs that don't provide much value. If they do.
Microsoft provides the following examples of typical potentially unwanted applications (PUAs):
Various types of software packages.
Injection of ads into web browsers.
Registry drivers and optimizers that detect problems, require payment to fix errors, but remain on the endpoint and make no changes or optimizations (also known as "rogue antivirus" programs).
Windows Defender Antivirus doesn't block potentially unwanted programs by default. You can check protection at Microsoft's demo scenario site to test a system's protection against various threats.
Just click the link in Scenario to test your security. This should work with Windows Defender and other antivirus software installed. As long as they are configured to block PUPs.
The protection operates in the following cases:
The file is downloaded in a browser.
It is in a folder with "download" or "temperature" in the path.
The file is located on the user's desktop.
The information is not inside% programfiles%,% appdata% or% windows% and does not meet any of the above conditions.
Windows Defender Antivirus quarantines files identified as PUPs. Users are informed of the identification of PUPs in the system. Similar to how they are notified of other threats detected by Windows Defender.
Administrators and users can check the Windows Event Viewer for Event ID 1160 as potentially unwanted program events are logged within it.
Enable the protection of potentially unwanted programs in Windows Defender
Note that the following instructions only apply to Windows 10 and that elevated rights are required to make the change.
Open Windows PowerShell with Windows-X and select Windows PowerShell (Administrator) from the context menu.
If you don't see Windows PowerShell (administrator) in the list, do the following: Open Start, type Windows PowerShell, right-click the result and select "run as administrator".
Confirm the displayed UAC prompt.
The console that opens must be with "Administrator".
Type Set-MpPreference -PUAProtection Enabled and press the Enter key.
Nothing is returned when the command is run. You can run the Get-MpPreference command to check the status of Windows Defender Antivirus preferences. Look for PUAProtection and make sure it's set to 1 (which means it's enabled).
You can disable the protection again later by running the Set-MpPreference-PUAProtection Disabled command. It is also possible to set the function in audit mode. Audit mode logs events but does not interfere with potentially unwanted programs. To set the audit mode, run MpPreference -PUAProtection AuditMode.
I recommend that you run the test case that Microsoft posted on the demo site linked above to make sure the protection is enabled correctly.
Administrators working with Microsoft Intune or System Center Configuration Manager can find instructions for enabling Windows Defender Antivirus potentially unwanted application protection on the Microsoft Doc website.
Whitelist blocks PUA apps
Detected PUAs are automatically moved to the Windows Defender Quarantine. It happens that you want to keep a program that Windows Defender has identified as a PUA.
You can restore any program quarantined by Windows Defender, and potentially unwanted programs are no exception.
Use Windows-I to open the Settings app.
Go to Update & Security> Windows Security.
Select "Open Windows Security".
Go to Virus & threat protection.
Click on "Threat History".
Select the threat you want to restore and then restore.
If you don't see the threat listed there, as only a few are listed there, select "view full history" to get the full list.
Windows Defender restores the file to its original location, such as the Downloads folder. You should be able to run it from there without any problems.
If you want to know other articles similar to Enable protection from unwanted programs with Windows Defender you can visit the category Tutorials.