Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or install other software which may be more harmful or annoying. Windows Security has reputation-based protection that can help protect your PC from potentially unwanted applications. Potentially unwanted app blocking was first introduced in the Windows 10 May 2020 update and is turned on by default for enterprise customers, but off by default for consumers. Kindly refer to these related guides: How to enable Smart App Control and Reputation-Based Protection in Windows 11, Core Isolation: Enable or Disable Core Isolation Memory Integrity in Windows 10 and Windows 11, and how to view, clear, and print Norton security event on a Mac PC
In a nutshell, Reputation-based security classifies a file as safe or unsafe based on its inherently garnered reputation. If you are using Windows 10 and would like to make some changes to Reputation-based protection settings. You can choose to enable Reputation based protection settings
To enable or disable Reputation-Based Protection on Windows 10, and Windows 11, follow the steps below. For Windows 10, you will need to do the following by ensuring that you have the latest version of Windows installed on your device.
To do this, open Settings, then go to Updates & Security and click Windows Security in the left-hand pane.
This will open a new window where you will need to click App- and browser control in the left-hand pane. Click on Reputation-based protection settings as shown below.
When enabled, you can click on the reputation-based protection settings link, it will take you straight into the central area of Reputation-based protection settings as shown below.
Below are the reputation-based settings available once the service is configured. Please scroll through to the bottom of the screen and you will see different options that are capable of blocking unwanted apps, phishing protection etc.
Enable Potentially Unwanted App Protection via PowerShell
To enable Potentially Unwanted App Protection via PowerShell, you can use the cmdlets below to enable, audit, disable, and view events.
- To enable PUA protection:
Set-MpPreference -PUAProtection Enabled
- To set PUA protection to audit mode, which detects PUAs without blocking them:
Set-MpPreference -PUAProtection AuditMode
- To disable PUA protection:
Set-MpPreference -PUAProtection Disabled
- To view threats processed by PUA protection:
Enable Potentially Unwanted App Protection via GPO
Group Policy can be used to roll out uniform PUA protection across many desktops. Configure the Windows Defender PUA settings using Group Policy. You will need to download and install Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2) in order to have access to the configuration.
- In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.
- Expand the tree to Windows Components > Microsoft Defender Antivirus.
- Double-click Configure detection for potentially unwanted applications.
- Select Enabled to enable PUA protection.
- In Options, select Block to block potentially unwanted applications, or select Audit Mode to test how the setting works in your environment. Select OK.
Lastly, I will recommend you to verify the PUAProtection settings (value) via PowerShell and check if the group policy has been deployed successfully. To do this, run the cmdlet below.
Get-Mppreference | select PUAProtection
The PUAProtection setting (value) of 2 indicates that PUA Protection is enabled with Audit mode as configured via the GPO.
PUA protection is enabled by default in the Microsoft Endpoint Manager (Current Branch).
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.