How to Enable Windows Defender PUA Protection Feature

Windows Defender Antivirus has a feature to block Potentially Unwanted Applications, which pose a future threat and need to be removed without delay.

You might have wondered how your computer stands protected even if you have not downloaded and installed any antivirus program; it must be due to Windows Defender Antivirus, which comes pre-loaded with your Windows 10 OS.

Windows Defender is capable of handling many threats to your computer. These include known malware that come under different categories, ransomware, spyware and viruses of any kind.

At the same time, there are threats like Potentially Unwanted Applications (PUA).

As the name itself indicates, these applications may not pose a threat immediately; however, they have the potential to be used by hackers to inject a malware.

That’s why such applications need to be identified and removed. Windows Defender is capable of doing this, provided you enable this feature on it.

Here are the ways to do it.

  1. You have to first click on the Start button.
  2. In the Search window, type Windows PowerShell.
  3. On the result page, right-click and choose Run as Administrator.
  4. The next step is to type a command Set-MpPreference -PUAProtection 1.
  5. The command, followed by Enter, enables the feature to protect your computer from Potentially Unwanted Applications.

This should be sufficient for Windows Defender Antivirus to automatically take care of this function of detecting the potentially harmful applications and then isolating and deactivating them.

Check It out Using a Test

If you are not sure whether the command has been duly executed and Windows Defender Antivirus is doing its duty as expected, there is a way to check and verify.

Here’s how you can do it:

  1. Visit this website.
  2. On this page, you will find a sub-heading Scenario; under it you will find a link. Click on it.
  3. There, you will find a link that says, “Download the Potentially Unwanted Application ‘test’ file.”
  4. You will notice that the download will not be permitted by Windows Defender.
  5. This is the confirmation that the steps you initiated above to manually enable the Windows Defender Antivirus to block Potentially Unwanted Applications have been successful.

What If You Wish to Get One of the Apps Back?

There can be occasions when you realize an app which otherwise would have been categorized as PUA might not that harmful at all and you would want to install and use it again.

You will need to know how you can do it. Here are the steps to follow:

  1. The first destination, as always, is the Start button.
  2. And in the Search window, type Windows Defender Security Center.
  3. The relevant page opens; on this, click Virus & Threat Protection.
  4. Under it, you will find the “Threat history.”
  5. The next option is to look for “Quarantined threats.”.
  6. Click on See Details to access the list.
  7. Locate the app you need and click on the Restore button.
  8. The app you wanted is now unblocked from the actions by Windows Defender.
  9. You may also choose to remove all the other apps which had been identified and quarantined.

How Are the PUAs Identified and Blocked?

It is easy for you to find out how Windows Defender is able to decide a particular app is a Potentially Unwanted Application. The program is written with the algorithms that test the app on a set of questions.

Here are some of the questions which are part of the algorithm:

  1. Is the app being scanned from the browser?
  2. Does the app have the Mark of the Web (Zone ID) set?
  3. Is the file in the Download folder? Or is the file in the “%temp%” folder?

Please note that Windows Defender can block an app only if it is found to be a PUA at the stage you are trying to download/install, and not otherwise.

Some More Details on Windows Defender You Should Know

While going through these details, you may develop certain doubts. One of them could be: Is this feature of the Windows Defender Antivirus program part of all versions of Windows 10? The answer to that is yes.

Particularly, even the home computers, which are usually standalone units, can have the PUA blocking system activated or enabled using the steps described above.

There have been tests run to check if this provision exists in standalone computers and found to be working perfectly.

Another curious question that arises in this context is how Windows Defender reacts when confronted with an actual malware program, as opposed to the Potentially Unwanted Application?

As explained, the PUA is not supposed to contain any malware yet. The algorithms listed earlier don’t have this question if the app contains malware.

The answer to this question too was obtained during the different test runs done to understand the working of the PUA blocking feature.

When malware is identified, the Windows Defender props up a screen alert that says, “Found some malware; Windows Defender is removing it.”

When it is the case of the PUA, the response is “Windows Defender has found an unwanted app.”

It further explains that the computer is set to reject any app that might have the potential to perform any unwanted actions in it, if installed.

Further proof of a PUA being detected and quarantined can be seen in the scan history.

Though Microsoft has brought in many improvements to Windows Defender Antivirus in Windows 10 when compared to the features in Windows 8, many of these manual changes can be made and protection ensured in a computer running on Windows 8 as well.

But one must consider having a dedicated anti-malware program installed which can work in real-time and be much more effective in providing complete protection to both your hardware and software.

Irrespective of whether you have one PC or a huge network of computers, the need to remain alert against malware attacks cannot be emphasized enough.

Protect your systems at all costs instead of regretting later due to data breach or loss.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.