This tutorial will show you how to enable or disable Microsoft Defender Antivirus Potentially unwanted applications (PUA) protection in Windows 11.
Potentially unwanted apps (PUA) aren't malware, but they might display advertising, use your PC for cryptomining, or do other things you'd prefer they not do. Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying.
Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user.
References:
Protect your PC from potentially unwanted applications - Microsoft Support


Block potentially unwanted applications with Microsoft Defender Antivirus - Microsoft Defender for Endpoint

How Microsoft identifies malware and potentially unwanted applications - Microsoft Defender XDR
You must be signed in as an administrator to enable or disable PUA protection.
To download a safe PUA test file: Feature Settings Check AMTSO | Detects Potentially Unwanted Applications (PUAs)
- Option One: Turn On or Off Block Downloads of Potentially Unwanted Apps in Microsoft Edge
- Option Two: Turn On or Off Potentially Unwanted App Blocking in Windows Security
- Option Three: Turn On or Off Potentially Unwanted App Blocking in PowerShell
- Option Four: Enable or Disable Potentially Unwanted App Blocking in Local Group Policy Editor
- Option Five: Enable or Disable Potentially Unwanted App Blocking using REG file
EXAMPLE: Windows Security "Potentially unwanted app found" notification
EXAMPLE: Potentially unwanted app download blocked in Microsoft Edge
EXAMPLE: Potentially unwanted app found in Windows Security protection history
1 Open Microsoft Edge.
2 Click/tap on the Settings and more (Alt+F) 3 dots menu icon, and click/tap on Settings. (see screenshot below)
3 Click/tap on Privacy, search, and services in the left pane, and turn On (default) or Off Block potentially unwanted apps for what you want under Security. (see screenshot below)
If Microsoft Defender SmartScreen is turned off, it will gray out and disable the Block potentially unwanted apps to block downloads setting.
4 You can now close the Settings tab in Microsoft Edge if you like.
1 Open Windows Security.
2 Click/tap on App & browser control. (see screenshot below)
3 Click/tap on the Reputation-based protection settings link. (see screenshot below)
4 Turn On (default) or Off Potentially unwanted app blocking for what you want. (see screenshots below)
On = Turns on both the Block apps and Block downloads settings.
5 If you turned on Potentially unwanted app blocking, you can check (on - default) or uncheck (off) Block apps and/or Block downloads for what you want.
Block apps will detect PUA that you've already downloaded or installed, so if you're using a different browser Windows Security can still detect PUA after you've downloaded it.
Block downloads looks for PUA as it's being downloaded in Microsoft Edge.
6 You can now close Windows Security if you like.
This option will not affect Block downloads of potentially unwanted apps in Microsoft Edge setting.
1 Open Windows Terminal (Admin), and select Windows PowerShell.
2 Copy and paste the command below you want to use into the elevated Windows PowerShell, and press Enter.
Set-MpPreference -PUAProtection 0
Set-MpPreference -PUAProtection Disabled
Set-MpPreference -PUAProtection 1
Set-MpPreference -PUAProtection Enabled
Set-MpPreference -PUAProtection 2
Set-MpPreference -PUAProtection AuditMode
3 You can now close Windows Terminal (Admin) if you like.
This option will not affect Block downloads of potentially unwanted apps in Microsoft Edge setting.
The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.
All editions can use Option Five to configure the same policy.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)
3 In the right pane of Microsoft Defender Antivirus in Local Group Policy Editor, double click/tap on the Configure detection for potentially unwanted applications policy to edit it. (see screenshot above)
4 Do step 5 (enable), step 6 (audit mode), or step 7 (disable) below for what you would like to do.
This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.
This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.
Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.
This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.
This is the default setting.
This will allow you to change the Potentially unwanted app blocking setting using Option Two or Option Three.
9 You can now close the Local Group Policy Editor if you like.
This changes the same policy used in Option Four.
This option will not affect Block downloads of potentially unwanted apps in Microsoft Edge setting.
1 Do step 2 (always enable), step 3 (Always audit mode), step 4 (Always disable), or step 5 (default) below for what you would like to do.
This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000001
This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.
Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000002
This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000000
This is the default setting.
This will allow you to change the Potentially unwanted app blocking setting using Option Two or Option Three.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=-
6 Save the .reg file to your desktop.
7 Double click/tap on the downloaded .reg file to merge it.
8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
9 You can now delete the downloaded .reg file if you like.
That's it,
Shawn Brink
Attachments
-
Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg634 bytes · Views: 434
-
Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg638 bytes · Views: 330
-
Always_enable_Microsoft_Defender_PUA_and_block_apps.reg642 bytes · Views: 339
-
Default_allow_set__Windows_Defender_PUA_in_Windows_Security.reg616 bytes · Views: 324