February 1, 2018
For improving Windows 10 enterprise security, Microsoft turned on PUA/PUP protection of Windows Defender by default. But, it has been turned off by default in Windows 10 Home and Windows 10 Pro. What is PUA/PUP? How to turn on Windows Defender PUA/PUP protection in Windows 10 Home and Windows 10 Pro?
Method 1, Use PowerShell cmdlets to configure the PUA protection feature
1, Press Win + S
2, Type powershell
3, Right click on Windows PowerShell, click Run as administrator
4, Enter the command:
Set-MpPreference -PUAProtection enable
5, Restart system, the PUA detection has been enabled.
Setting the value for this cmdlet to Enabled will turn the feature ON if it has been disabled.
Setting the value for this cmdlet to disabled will turn the feature OFF if it has been enabled.
Setting AuditMode will detect PUAs but will not block them.
Method 2, Edit Windows registry
Before start to edit Windows registry, please make a full registry backup. You can refer this page to learn How to back up full Windows registry.
1, Press Win + R
2, Type regedit, and press Enter
3, Expand and find:
4, Right click on Windows Defender, select New – Key, and named MpEngine
5, Click on MpEngine, then right click on right area, select New – DWORD (32-bit) Value, named MpEnablePus
6, Double click MpEnablePus, set its Value data = 1
7, Restart system, then the PUA protection has been enabled.
If you want to disable PUA detection, just change MpEnablePus value to 0, or delete registry entry MpEngine
Method 3, Use Group Policy to configure PUA protection
1, Press Win +R to open the Run box.
2, Type gpedit.msc in the Run box and click OK.
3, In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.
4, Expand the tree to Windows components > Windows Defender Antivirus.
5, Double-click Configure protection for potentially unwanted applications.
6, Select Enabled to enable PUA protection.
7, In Options, select Block to block potentially unwanted applications, or select Audit Mode to test how the setting will work in your environment. Select OK.
How to verify the PUA protection is working?
Before starting the test, please update Windows Defender to the latest version. Then follow the steps.
1, Go to http://www.amtso.org/feature-settings-check-potentially-unwanted-applications/
2, Click Launch The Test button to download the test file.
3, After downloading the file, it is automatically blocked and prevented from running.
If you are able to download this file successfully, your anti-malware solution is NOT configured correctly to detect Potentially Unwanted Applications, or DOES NOT conform to industry best practice.