How to enable the Windows Potentially Unwanted Application (PUA) feature

Turning on the PUA setting helps keep users from falling prey to malicious drive-by downloads.

If your organization uses Windows Defender on Windows 10 1607 or later updates, there may be some settings you'll want to enable that are not enabled by default. Microsoft provides advice on security settings in this regard. One setting you might want to enable is the Potentially Unwanted Application (PUA) feature. You can turn it on in several ways, using several different tools.

PUA looks for items that follow certain structures or conditions:

  • The file is being scanned from the browser
  • The file is in a folder with "downloads" in the path
  • The file is in a folder with "temp" in the path
  • The file is on the user's desktop
  • The file does not meet one of these conditions and is not under %programfiles%, %appdata% or %windows%

If these conditions are met, the file will be quarantined and not allowed to be installed.

You can enable PUA protection with Microsoft Intune, System Center Configuration Manager, Group Policy, PowerShell cmdlets or registry keys. You can also use the PUA audit mode to detect PUAs without blocking them. The detections are captured in the Windows event log.
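
The PowerShell route with audit mode, shown as an added example that is not part of the original article: it puts PUA protection into audit mode, confirms the setting, and lists recent audit detections from the event log. The function names are hypothetical; the log name and event ID 1160 are taken from Microsoft's Defender documentation rather than from this page.

```powershell
#Requires -RunAsAdministrator
# Added example: start PUA protection in audit mode, review what would have
# been blocked, then decide whether to switch to blocking.

# Numeric PUAProtection values as reported by Get-MpPreference
$puaModes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }

function Get-PuaMode {
    # Hypothetical helper: translate the stored value into a readable mode
    $value = [int](Get-MpPreference).PUAProtection
    if ($puaModes.ContainsKey($value)) { $puaModes[$value] } else { "Unknown ($value)" }
}

function Get-PuaAuditEvent {
    # Hypothetical helper: PUA detections from the Defender operational log.
    # Assumption: event ID 1160, per Microsoft's documentation.
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1160
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no hits"
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# 1. Detect without blocking
Set-MpPreference -PUAProtection AuditMode
"Current PUA mode: $(Get-PuaMode)"

# 2. Review what audit mode has recorded over the past week
$hits = @(Get-PuaAuditEvent -Days 7)
if ($hits.Count -eq 0) {
    'No PUA audit events in the last 7 days.'
} else {
    $hits | Sort-Object TimeCreated -Descending | Format-List
}

# 3. Once the audit results look acceptable, switch to blocking:
# Set-MpPreference -PUAProtection Enabled
```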
