Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Microsoft Unveils Protection Against Potentially Unwanted Applications

Enterprises relying on Microsoft’s System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) to keep their Windows environments safe can now take advantage of new potentially unwanted application (PUA) protection, Microsoft has announced.

Enterprises relying on Microsoft’s System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) to keep their Windows environments safe can now take advantage of new potentially unwanted application (PUA) protection, Microsoft has announced.

The company recently revealed that an optional PUA protection feature is now available for SCEP and FEP customers, helping enterprises to automatically block PUAs at download and install time. 

Microsoft Logo

A potentially unwanted application is a program or application bundler that may contain components such as adware, toolbars or other application with questionable intentions. The installation of such applications increases the risk of a network being infected with malware and makes it more difficult to identify infections.

Starting last week, Microsoft made it possible for IT administrators to enable the PUA protection feature as a Group Policy setting in SCEP and FEP, and the configuration is available in Windows Defender on machines managed by SCEP, the company explains in a blog post. While the feature is disabled by default, it will start blocking PUAs after the next signature update or computer restart after being enabled.

The security option is meant to automatically identify unwanted software containing threat names that start with “PUA,” such as PUA:Win32/Creprote. According to Microsoft, the specific researcher-driven signatures are meant to identify software bundling technologies, PUA applications, and PUA frameworks.

Once the protection has been enabled, files blocked at download or install and are moved to quarantine, to ensure that they are not executed on the target machine.  Microsoft said a file will be included for blocking if it meets one of the following conditions: If they are scanned from the browser, if they have the Mark of the Web (MOTW) set, if they are in the %downloads% folder, or if they are in the %temp% folder.

To ensure that the deployed PUA protection delivers full efficiency, Microsoft recommends that businesses come up with a corporate policy or guidance to define that potentially unwanted applications should not be downloaded or installed in the enterprise environment. The company also notes that customers deploy PUA protection gradually, and that they first assess its efficiency within their environment on a subset of endpoints first.

“With a corporate policy or guidance in place, it’s recommended to also sufficiently inform your end-users and your IT Helpdesk about the updated policy or guidance so that they are aware that potentially unwanted applications are not allowed in your corporate environment. This will preemptively inform your end-users as to why SCEP or FEP is blocking their download. By informing your helpdesk about your new policy or guidance, they can resolve end-user questions,” Microsoft explains.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...