You’re browsing the internet and find an app you want - we’ll call it “ContosoApp”. Being thrifty, you search for a free version of ContosoApp and bingo, you found it! You download “ContosoApp - Free” and select “Next” and “Continue” right on through the installation. Little did you notice that you agreed to allow all sorts of apps to be installed along with ContosoApp. One of them may be an ad injector which serves pop-up ads when you least expect it. Another is a new browser extension that sends your online activity to a marketing company. You also just quietly got a new anti-virus product, so Windows Defender Antivirus is no longer protecting your machine.
This is a class of software called potentially unwanted apps (PUA) and they’re very common.
Tell me more about PUA
Potentially unwanted applications (PUA) are a category of software that can cause your device to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying. PUA isn’t malware, but it can do a lot of things with your device (or your data) you’d prefer it not do.
There are a few general categories of PUA which include:
- Advertising – Displays ads or promotions in software other than itself. Like popping ads over webpages you visit.
- Torrent (Blocked for enterprise customers only) – Used to create or download torrents or other files used with peer-to-peer file sharing.
- Cryptomining – Uses the resources on your device to mine cryptocurrencies like Bitcoin or others.
- Bundling – Offers to install other software that isn’t from the same publisher, some of which could have very different purposes than the app you intended to download.
- Marketing – Monitors what you do in other apps on your computer and sends that information to somebody else for marketing research purpose
- Evasion – Actively tries to evade detection by security products like antivirus or antispyware scanners.
- Poor reputation – Software known to the security industry as being untrustworthy, or offered by publishers with a known history of creating such apps.
How did PUA get on my machine?
None of these apps sink to the level of being considered malware, so your antivirus software doesn’t block them, and you agreed to their installation and terms of service when you were clicking “Next...Continue...Next...” during the install process. They may not be malicious, but they’re certainly annoying and they’re almost certainly slowing your computer down and eating up your resources.
This scenario is extremely common, in fact, it’s the most common way that people get unexpected apps on their devices. The good news is, now there is something to help you make more informed decisions and prevent unwanted apps from getting on your device.
In the Windows 10 May 2020 Update we’ve added a feature that until now has only been available to enterprises: Potentially Unwanted App blocking. Now available to everyone running Windows 10!
How can I protect myself?
The first step is to be reluctant to install new apps, especially if they’re not from trusted publishers. It’s one thing to install the latest piece of software from well-known companies, but installing an app from a publisher you’ve never heard of should give you at least a moment of pause.
The second step is to make sure that your system is up-to-date by going to Windows Update in settings and checking to ensure you have the latest updates installed.
The third step is to turn on potentially unwanted app blocking in Windows 10. Windows Security supports what we call “Reputation-based protection”. With this setting turned on Microsoft Defender will watch for PUA and give you the opportunity to stop any items that it spots.
To turn potentially unwanted app blocking on in Windows Security:
1. Go to the search menu by clicking the search button on the taskbar, or pressing Windows Logo Key + S, then type Windows Security and press Enter to launch the app.
2. In the Windows Security app go to App & browser control > Reputation-based protection settings.
3. There you'll find a control that lets you turn potentially unwanted app blocking on, and select if you want to block apps, downloads, or both.
This feature is turned off by default. We recommend that you turn it on, and that you enable both block apps and block downloads.
- Block apps will detect PUA that you've already downloaded or installed, so if you're using a different browser, or if you got the PUA before turning this on, Windows Security can still help protect you.
- Block downloads looks for PUA as it's being downloaded, but it only works with the new Microsoft Edge browser.
What does it look like when PUA is found?
So now that you have turned it on what’s going to happen if Windows Security finds some PUA? The most common thing that will probably happen is that either just after you have downloaded some PUA, or the next time that you try to run some PUA, you’ll see a notification in the bottom right corner of the screen that looks like this:
If you click on the notification it will take you to the Virus & threat protection area in Windows Security.
There you’ll see a notification that looks like this:
Click on the name of the PUA found to reveal the actions you can take on this file.
Select the action you want to take, such as Remove or Quarantine then select Start actions.
Important: You need to select an action before clicking Start actions otherwise no action will actually be taken on that PUA.
If you think something is incorrectly labeled/not labeled as PUA you can follow the steps on this guide to let us know: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/submission-guide
With potentially unwanted app blocking in Windows 10 you have a powerful new tool to control what apps get installed on your computer.