New Protection from Unwanted Applications

Wednesday, December 2, 2015 @ 04:12 PM gHale

Optional PUA protection feature is now available for SCEP and FEP users. While that mouthful of acronyms may sound frightening, the end result is enterprises may be able to automatically block potentially unwanted applications (PUAs) during download and installation.

This is all for enterprises relying on Microsoft’s System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) to keep their Windows environments safe.

Edge Now Blocks Code Injection
Microsoft’s Security Updates
Subsystem can Bypass EMET Security
Unsupported ICS: Not an Easy Upgrade

A potentially unwanted application is a program or application bundler that may contain components such as adware, toolbars or other applications with questionable intentions. The installation of the applications increases the risk of malware infecting a network.

Microsoft made it possible for IT administrators to enable the PUA protection feature as a Group Policy setting in SCEP and FEP, and the configuration is available in Windows Defender on machines managed by SCEP, the company said in a blog post. While disabled by default, after it ends up enabled the feature will start blocking PUAs after the next signature update or computer restart.

The security option is meant to automatically identify unwanted software containing threat names.

Once enabled it will block files at download or install and then move them to quarantine, to ensure they do not execute on the target machine.

To ensure the deployed PUA protection delivers full efficiency, Microsoft recommends businesses create a corporate policy or guidance to define potentially unwanted applications that should not end up downloaded or installed in the enterprise environment. The company also notes customers deploy PUA protection gradually, and they first assess its efficiency within their environment on a subset of endpoints first.