Microsoft Malware Protection center announced a new feature that will stop unwanted applications from being installed in Windows 10. If you’ve been tricked before into installing adware from a seemly harmless software bundle, this is going to prevent from happening again. Aiming to secure in an enterprise environment that already has an anti-malware system in place such as System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) it’s also made available in Windows Defender so end users can also get benefit from it.
What type of adware will be detected?
According to Microsoft, typical examples of behavior that we consider PUA include ad-injection, many types of software bundling, and persistent solicitation for payment for services based on fraudulent claims.
How to enable in Windows Defender
1. Open Registry Editor
2. Navigate to the following key path:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
Create a new Key called MpEngine and then create a new DWORD Value called MpEnablePus with a new value set at “1” to enable Potentially Unwanted Application protection (PUA).
3. Restart your computer and you are all set.
By default, when enabled, detected adware will be blocked and automatically quarantined.
How to test to make sure it’s enabled
When a PUA is detected, the following notification slides out in Windows 10 warning you that Windows Defender has found some unwanted applications that might harm your computer.
The details will also be shown in History tab in Windows 10 as well with threat names that all start with “PUA”, such as:
To test out to make sure if it’s indeed working, you can download this Free Video Converter installation file. The tool is awesome but does have some unwanted application bundled with the installation file.
Will it work in Windows 8 or 7
Unfortunately, it seems that it works only on Windows 10 at the moment. But if any of you has tried and found it’s working on either/both of these platforms, feel free to share in the comment.