You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+10-4Lines changed: 10 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,7 +16,7 @@ ms.collection:
16
16
- tier2
17
17
- mde-ngp
18
18
search.appverid: met150
19
-
ms.date: 03/04/2025
19
+
ms.date: 04/01/2025
20
20
---
21
21
22
22
# Detect and block potentially unwanted applications
@@ -106,6 +106,12 @@ You can enable PUA protection with Microsoft Defender for Endpoint Security Sett
106
106
107
107
At first, try using PUA protection in audit mode. It detects potentially unwanted applications without actually blocking them. Detections are captured in the Windows Event log. PUA protection in audit mode is useful if your company is conducting an internal software security compliance check and it's important to avoid false positives.
108
108
109
+
| Operating systems |Potentially Unwanted Protection (PUA) by default is set to:|
110
+
| -------- | -------- |
111
+
|Windows 11, Windows 10, Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016|Audit mode (2)|
112
+
|Windows 11, Windows 10 + Microsoft Defender for Endpoint Plan 1 or Microsoft Defender for Endpoint Plan 2 or Microsoft Endpoint for Business|Block mode (1)|
113
+
|Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 with the unified Microsoft Defender for Endpoint client + Microsoft Defender for Servers Plan 1 or Microsoft Defender for Servers Plan 2 or Microsoft Defender for Endpoint for servers|Block mode (1) |
114
+
109
115
### Use Microsoft Defender for Endpoint Security Settings Management to configure PUA protection
110
116
111
117
See the following articles:
@@ -156,7 +162,7 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
156
162
Set-MpPreference -PUAProtection Enabled
157
163
```
158
164
159
-
Setting the value for this cmdlet to `Enabled` turns on the feature if it is disabled.
165
+
Setting the value for this cmdlet to `Enabled` turns on the feature if it's disabled.
160
166
161
167
#### To set PUA protection to audit mode
162
168
@@ -186,8 +192,8 @@ get-mpPreference | ft PUAProtection
186
192
|Value | Description|
187
193
| -------- | -------- |
188
194
|`0`| PUA Protection off (Default). Microsoft Defender Antivirus won't protect against potentially unwanted applications. |
189
-
|`1`| PUA Protection on. Detected items are blocked. They will show in history along with other threats.|
190
-
|`2`| Audit mode. Microsoft Defender Antivirus will detect potentially unwanted applications but take no action. You can review information about the applications Windows Defender would've taken action against by searching for events created by Windows Defender in the Event Viewer.|
195
+
|`1`| PUA Protection on. Detected items are blocked. They'll show in history along with other threats.|
196
+
|`2`| Audit mode. Microsoft Defender Antivirus detects potentially unwanted applications but take no action. You can review information about the applications Windows Defender would've taken action against by searching for events created by Windows Defender in the Event Viewer.|
191
197
192
198
For more information, see [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender Antivirus cmdlets](/powershell/module/defender/index).
0 commit comments