Windows Defender: How To Activate Potentially Unwanted Applications (PUA) Protection
 |
This topic is a how to.
Please keep it as clear and simple as possible. Avoid speculative discussions as well as a deep dive into underlying mechanisms or related technologies. |
Introduction
Windows Defender provides the system with a good standard protection in all the Windows versions it is natively available with.
In addition to the base protection against viruses and malware in general, Windows Defender also incorporates a protection system by the equally widespread and annoying adware or other kinds of potentially unwanted applications (PUAs); however, this feature is not active by default and requires either a change in the Registry of the operating system, the activation of a policy using the Group Policy Editor or the execution of a PowerShell cmdlet to be available and active and increase the level of protection and security of the PC.
NOTE: It is strongly recommended to do a full backup copy of the system registry before editing.
Be extremely careful and pay attention: any kind of Registry editing mistake can compromise the installed applications as well as Windows itself, thus making it necessary to reinstall application or the operating system.
Microsoft cannot guarantee any solution to problems due to wrong use of the Windows registry editor. Any change executed on the operating system registry is the full user's responsibility.
Activating PUA Protection via Registry
To activate the PUA protection feature in Windows Defender
- press Win + R, type regedit and hit ENTER to run the system registry editor; alternatively, press Win + C, click Find, type regedit.exe and click the Registry Editor icon;
- confirm the wish to open the registry editor against the (possible) security question posed by the Windows User Account Control;
- locate the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender key
- right-click on the Windows Defender key and select New -> DWORD (32 bit) value
- assigne the name PUAProtection to the newly created value and set it to 1 (Enabled) to enable the PUA protection or to 2 (Audit Mode) to make PUAs being detected but not removed
- locate the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine key. If the MpEngine folder is not present, right-click on the Windows Defender folder and select New -> Key to create it and assign the name to it;
- click on the newly created MpEngine key, then right-click in the right part of the Registry Editor window, create a new 32-bit DWORD value (even if you are using a 64-bit version of Windows), set its name to MpEnablePus and set its value to 1
- close the registry editor and restart the system for the change to take effect.
After restarting, any running applications with abnormal behavior will be blocked; the same operation will happen during the installation if the software behaves abnormally.
Activating PUA Protection via Group Policy
Starting from Windows 10 version 1809, the PUA protection can also be managed using the Local Group Policy Editor.
- open the Local Group Policy Editor
- in the left pane of Local Group Policy Editor window, navigate to Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus
- in the right pane of Windows Defender Antivirus in the Local Group Policy Editor window, double click on the Configure detection for potentially unwanted applications policy to edit it: select the Enabled option to activate it, then select either "Block" or "Audit Mode" from the dropdown list in the Options: section of the policy properties.
Activating PUA Protection via PowerShell
The PUA protection can be enabled by executing the Set-MpPreference cmdlet from an administrative Windows PowerShell session; the cmdlet accepts the -PUAProtection parameter with one of the following values
- 0 or Disabled (default): PUA protection disabled
- 1 or Enabled: PUA protection enabled
- 2 or AuditMode: PUAs detected but not blocked
See Also
Other Languages
This article is also available in the following languages: