Enterprises relying on Microsoft’s System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) to keep their Windows environments safe can now take advantage of new potentially unwanted application (PUA) protection, Microsoft has announced.
The company recently revealed that an optional PUA protection feature is now available for SCEP and FEP customers, helping enterprises to automatically block PUAs at download and install time.
A potentially unwanted application is a program or application bundler that may contain components such as adware, toolbars or other application with questionable intentions. The installation of such applications increases the risk of a network being infected with malware and makes it more difficult to identify infections.
Starting last week, Microsoft made it possible for IT administrators to enable the PUA protection feature as a Group Policy setting in SCEP and FEP, and the configuration is available in Windows Defender on machines managed by SCEP, the company explains in a blog post. While the feature is disabled by default, it will start blocking PUAs after the next signature update or computer restart after being enabled.
The security option is meant to automatically identify unwanted software containing threat names that start with “PUA,” such as PUA:Win32/Creprote. According to Microsoft, the specific researcher-driven signatures are meant to identify software bundling technologies, PUA applications, and PUA frameworks.
Once the protection has been enabled, files blocked at download or install and are moved to quarantine, to ensure that they are not executed on the target machine. Microsoft said a file will be included for blocking if it meets one of the following conditions: If they are scanned from the browser, if they have the Mark of the Web (MOTW) set, if they are in the %downloads% folder, or if they are in the %temp% folder.
To ensure that the deployed PUA protection delivers full efficiency, Microsoft recommends that businesses come up with a corporate policy or guidance to define that potentially unwanted applications should not be downloaded or installed in the enterprise environment. The company also notes that customers deploy PUA protection gradually, and that they first assess its efficiency within their environment on a subset of endpoints first.
“With a corporate policy or guidance in place, it’s recommended to also sufficiently inform your end-users and your IT Helpdesk about the updated policy or guidance so that they are aware that potentially unwanted applications are not allowed in your corporate environment. This will preemptively inform your end-users as to why SCEP or FEP is blocking their download. By informing your helpdesk about your new policy or guidance, they can resolve end-user questions,” Microsoft explains.