The Demise of the PUA

, , ,

Sometimes the fix is worse than the problem. This may be one of those situations.

PUA Defined

A PUA is a potentially unwanted application that can clog up your computer causing it to run slowly. That isn’t their worse offense, however. They can display unwanted and unexpected ads. Harmful software can also be installed without your knowledge. That explains why the demise of the PUA is so important and welcome.

Although not considered malware, viruses, or other types of threats, these PUAs can include torrent miners (A torrent is a file sent via the BitTorrent protocol. It can be just about any type of file, such as a movie, song, game, or application), marketing software and even bundling software. Chances are these programs are not anything you wanted or needed or downloaded knowingly.

Shawn Brink from TenForums (https://tinyurl.com/4htafyzh) explains:

  • Advertising software: Software that displays advertisements or promotions, including software that inserts advertisements to webpages.
  • Bundling software: Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualifies as PUA.
  • Evasion software: Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.

 

Microsoft takes it a step further by including additional types of programs:

  • Torrent software (Enterprise only): Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies.
  • Cryptomining software: Software that uses your device resources to mine cryptocurrencies.
  • Marketing software: Software that monitors and transmits the activities of users to applications or services other than itself for marketing research.
  • Poor industry reputation: Software that trusted security providers detect with their security products. The security industry is dedicated to protecting customers and improving their experiences. Microsoft and other organizations in the security industry continuously exchange knowledge about files we have analyzed to provide users with the best possible protection.

The Fix

Microsoft has already developed a fix that will be the demise of the PUA by including an optional PUA blocking feature in the May 2020 update. When first added, it was turned off by default, but a user could turn it on themselves. As of this month (August 2021) Microsoft has enabled this blocking function to run automatically (https://tinyurl.com/ucmxs47z). And there lies the problem.

Anyone running a 2004 or newer Windows version will be affected by this fix.

The Problem

Although blocking PUAs is a welcome security enhancement, Microsoft’s turning it on can cause some valid apps to also be blocked.

For example, crypto mining applications and torrent software commonly have legitimate purposes but may now be detected by Microsoft Defender and removed.

In those, cases it is advised that you create exclusions in Microsoft Defender to prevent those files from being quarantined rather than disabling the entire feature.

In addition to blocking these legitimate programs, Windows 10 will also block PUAs from being downloaded onto your system. Just be aware, this second feature doesn’t work on any browser other than Microsoft Edge.

Protect Your Systems

Luckily, Microsoft offers quite a bit of support related to PUAs. For more details, click on any of the links below:

  Protect your PC from potentially unwanted applications | Microsoft Support

  Detect and block potentially unwanted applications | Microsoft Docs

  Shields up on potentially unwanted applications in your enterprise – Microsoft Security Blog

  Microsoft Malware Protection Center – How Microsoft antimalware products identify potentially unwanted software

  Potentially unwanted apps will be blocked by default | Microsoft Support

Delete the Fix

If you have decided that you don’t want or need the fix designed for the demise of the PUA, Microsoft has published the following directions for removing it.

  1. Open the Windows Security setting screen
  2. Click on App & browser control
  3. Select Reputation-based protection settings.

Here you can disable the “potentially unwanted app blocking” setting:

 

The ‘Block Apps’ option will enable Microsoft Defender’s built-in PUA scanning and blocking feature. The ‘Block downloads’ will control whether the ‘Block potentially unwanted apps’ setting is enabled in the new Microsoft Edge browser. It does not work in Google and other browsers. When enabled, SmartScreen will block PUAs and PUPs as they are downloaded

 

Keep in mind the fix for the fix is NOT included in Windows 11 – yet.

Want to know more? Give us a call at 904.638.8406, send us an email at info@workforceitjax.com, or complete our form.