Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Microsoft Unveils Protection Against Potentially Unwanted Applications

Enterprises relying on Microsoft’s System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) to keep their Windows environments safe can now take advantage of new potentially unwanted application (PUA) protection, Microsoft has announced.

Enterprises relying on Microsoft’s System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) to keep their Windows environments safe can now take advantage of new potentially unwanted application (PUA) protection, Microsoft has announced.

The company recently revealed that an optional PUA protection feature is now available for SCEP and FEP customers, helping enterprises to automatically block PUAs at download and install time. 

Microsoft Logo

A potentially unwanted application is a program or application bundler that may contain components such as adware, toolbars or other application with questionable intentions. The installation of such applications increases the risk of a network being infected with malware and makes it more difficult to identify infections.

Starting last week, Microsoft made it possible for IT administrators to enable the PUA protection feature as a Group Policy setting in SCEP and FEP, and the configuration is available in Windows Defender on machines managed by SCEP, the company explains in a blog post. While the feature is disabled by default, it will start blocking PUAs after the next signature update or computer restart after being enabled.

The security option is meant to automatically identify unwanted software containing threat names that start with “PUA,” such as PUA:Win32/Creprote. According to Microsoft, the specific researcher-driven signatures are meant to identify software bundling technologies, PUA applications, and PUA frameworks.

Once the protection has been enabled, files blocked at download or install and are moved to quarantine, to ensure that they are not executed on the target machine.  Microsoft said a file will be included for blocking if it meets one of the following conditions: If they are scanned from the browser, if they have the Mark of the Web (MOTW) set, if they are in the %downloads% folder, or if they are in the %temp% folder.

To ensure that the deployed PUA protection delivers full efficiency, Microsoft recommends that businesses come up with a corporate policy or guidance to define that potentially unwanted applications should not be downloaded or installed in the enterprise environment. The company also notes that customers deploy PUA protection gradually, and that they first assess its efficiency within their environment on a subset of endpoints first.

Advertisement. Scroll to continue reading.

“With a corporate policy or guidance in place, it’s recommended to also sufficiently inform your end-users and your IT Helpdesk about the updated policy or guidance so that they are aware that potentially unwanted applications are not allowed in your corporate environment. This will preemptively inform your end-users as to why SCEP or FEP is blocking their download. By informing your helpdesk about your new policy or guidance, they can resolve end-user questions,” Microsoft explains.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.