Privacy and Security Enable or Disable Microsoft Defender PUA Protection in Windows 11


  • Staff
Windows_Security_banner.png

This tutorial will show you how to enable or disable Microsoft Defender Antivirus Potentially unwanted applications (PUA) protection in Windows 11.

Potentially unwanted apps (PUA) aren't malware, but they might display advertising, use your PC for cryptomining, or do other things you'd prefer they not do. Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying.

Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user.

References:


You must be signed in as an administrator to enable or disable PUA protection.


To download a safe PUA test file: Feature Settings Check AMTSO | Detects Potentially Unwanted Applications (PUAs)



Contents

  • Option One: Turn On or Off Block Downloads of Potentially Unwanted Apps in Microsoft Edge
  • Option Two: Turn On or Off Potentially Unwanted App Blocking in Windows Security
  • Option Three: Turn On or Off Potentially Unwanted App Blocking in PowerShell
  • Option Four: Enable or Disable Potentially Unwanted App Blocking in Local Group Policy Editor
  • Option Five: Enable or Disable Potentially Unwanted App Blocking using REG file


EXAMPLE: Windows Security "Potentially unwanted app found" notification

PUA_notification.png


EXAMPLE: Potentially unwanted app download blocked in Microsoft Edge

PUA_Microsft_Edge.png


EXAMPLE: Potentially unwanted app found in Windows Security protection history

Windows_Security_Protection_History.png





Option One

Turn On or Off Block Downloads of Potentially Unwanted Apps in Microsoft Edge


1 Open Microsoft Edge.

2 Click/tap on the Settings and more (Alt+F) 3 dots menu icon, and click/tap on Settings. (see screenshot below)

Microsoft_Defender_for_Microsoft_Edge_PUA-1.jpg

3 Click/tap on Privacy, search, and services in the left pane, and turn On (default) or Off Block potentially unwanted apps for what you want under Security. (see screenshot below)

If Microsoft Defender SmartScreen is turned off, it will gray out and disable the Block potentially unwanted apps to block downloads setting.


Microsoft_Defender_for_Microsoft_Edge_PUA-2.png

4 You can now close the Settings tab in Microsoft Edge if you like.




Option Two

Turn On or Off Potentially Unwanted App Blocking in Windows Security


1 Open Windows Security.

2 Click/tap on App & browser control. (see screenshot below)

Microsoft_Defender_for_PUA-1.png

3 Click/tap on the Reputation-based protection settings link. (see screenshot below)

Microsoft_Defender_for_PUA-2.png

4 Turn On (default) or Off Potentially unwanted app blocking for what you want. (see screenshots below)

On = Turns on both the Block apps and Block downloads settings.


5 If you turned on Potentially unwanted app blocking, you can check (on - default) or uncheck (off) Block apps and/or Block downloads for what you want.

Block apps will detect PUA that you've already downloaded or installed, so if you're using a different browser Windows Security can still detect PUA after you've downloaded it.

Block downloads looks for PUA as it's being downloaded in Microsoft Edge.


Microsoft_Defender_for_PUA-3.png
Microsoft_Defender_SmartScreen_for_PUA-4.png

6 You can now close Windows Security if you like.




Option Three

Turn On or Off Potentially Unwanted App Blocking in PowerShell


This option will not affect Block downloads of potentially unwanted apps in Microsoft Edge setting.


1 Open Windows Terminal (Admin), and select Windows PowerShell.

2 Copy and paste the command below you want to use into the elevated Windows PowerShell, and press Enter.

(Turn off PUA protection to not block apps)
Set-MpPreference -PUAProtection 0
or​
Set-MpPreference -PUAProtection Disabled

OR​

(Turn on PUA protection and block apps - Default)
Set-MpPreference -PUAProtection 1
or​
Set-MpPreference -PUAProtection Enabled

OR​
(Audit Mode - will only detect and log PUAs, but will not block apps)
Set-MpPreference -PUAProtection 2
or​
Set-MpPreference -PUAProtection AuditMode

3 You can now close Windows Terminal (Admin) if you like.




Option Four

Enable or Disable Potentially Unwanted App Blocking in Local Group Policy Editor


This option will not affect Block downloads of potentially unwanted apps in Microsoft Edge setting.

The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Five to configure the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus

Microsoft_Defender_for_PUA_gpedit-1.png

3 In the right pane of Microsoft Defender Antivirus in Local Group Policy Editor, double click/tap on the Configure detection for potentially unwanted applications policy to edit it. (see screenshot above)

4 Do step 5 (enable), step 6 (audit mode), or step 7 (disable) below for what you would like to do.

5 Always Enable PUA Protection and Block Apps

This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.


A) Select (dot) Enabled, select Block in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)​

Microsoft_Defender_for_PUA_gpedit-3.png

6 Always Enable Audit Mode for PUA Protection and Not Block Apps

This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.

Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.


A) Select (dot) Enabled, select Audit Mode in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)​

Microsoft_Defender_for_PUA_gpedit-5.png

7 Always Disable Microsoft Defender PUA Protection and Not Block Apps

This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.


A) Select (dot) Enabled, select Disable in the Options drop down menu, click/tap on OK, and go to step 9 below. (see screenshot below)​

Microsoft_Defender_for_PUA_gpedit-4.png

8 Default Allow to Change PUA Settings in Windows Security

This is the default setting.

This will allow you to change the Potentially unwanted app blocking setting using Option Two or Option Three.


A) Select (dot) Not Configured, click/tap on OK, and go to step 9 below. (see screenshot below)​

Microsoft_Defender_for_PUA_gpedit-2.png

9 You can now close the Local Group Policy Editor if you like.




Option Five

Enable or Disable Potentially Unwanted App Blocking using REG file


This changes the same policy used in Option Four.

This option will not affect Block downloads of potentially unwanted apps in Microsoft Edge setting.


1 Do step 2 (always enable), step 3 (Always audit mode), step 4 (Always disable), or step 5 (default) below for what you would like to do.

2 Always Enable PUA Protection and Block Apps

This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_enable_Windows_Defender_PUA_and_block_apps.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000001

3 Always Enable Audit Mode for PUA Protection and Not Block Apps

This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.

Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block (enable), then a record of the event will be in the event logs.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000002

4 Always Disable PUA Protection and Not Block Apps

This will gray out the Potentially unwanted app blocking setting in Option Two, and prevent using Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000000

5 Default Allow to Change PUA Settings in Windows Security

This is the default setting.

This will allow you to change the Potentially unwanted app blocking setting using Option Two or Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Default_allow_set_Windows_Defender_PUA_in_Windows_Security.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=-

6 Save the .reg file to your desktop.

7 Double click/tap on the downloaded .reg file to merge it.

8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

9 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink
 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 136
  • Always_disable_Windows_Defender_PUA_protection_and_not_block_apps.reg
    634 bytes · Views: 293
  • Always_enable_Audit_Mode_Windows_Defender_PUA_and_not_block_apps.reg
    638 bytes · Views: 254
  • Always_enable_Microsoft_Defender_PUA_and_block_apps.reg
    642 bytes · Views: 227
  • Default_allow_set__Windows_Defender_PUA_in_Windows_Security.reg
    616 bytes · Views: 244
Last edited:
Hi,
This one is quite ironic seeing all the DUA = definitely unwanted apps exist in 10 and 11 so ms can not be a judge of PUA :lmao:
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro

Latest Support Threads

Back
Top Bottom