Microsoft to Block Unwanted Apps in Windows

Microsoft to Block Unwanted Apps in Windows

Microsoft has turned up the heat on makers of potentially unwanted applications (PUAs) with a new opt-in feature for enterprise Windows users.

The OS giant claimed in a blog post late last week that the new capabilities built into System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) will stop PUAs at download and install time.

“These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications,” the blog post explained.

“Since the stakes are higher in an enterprise environment, the potential disaster that PUA brings can be a cause of concern. Hence, it is important to deliver trusted protection in this field.”

PUAs are associated with ad-injection, software bundling and “persistent solicitation for payment for services based on fraudulent claims.”

Microsoft explained that system administrators can enable the PUA protection feature via a Group Policy setting, with the tool kicking in after the next signature update or computer restart.

The firm advised IT staff to plan ahead for their PUA protection deployment.

This includes ensuring that any corporate guidelines or policies are updated to make it clear PUAs will be blocked, and that IT helpdesk and users are made aware of this.

“Finally, if you expect a lot of end-users in your environment to be downloading or installing PUA, then it is recommended that machines be gradually enrolled into the PUA protection,” Microsoft added.

“In other words, deploy the PUA opt-in policy to a subset of machines, observe the number of detections, determine if you'd want to allow any of them in your enterprise, add exclusions for them (all exclusions mechanisms are supported—file name, folder, extension, process) and then gradually roll-out the opt-in policy to a larger set of machines.”

Photo © Adriano Castelli/

Source: Information Security Magazine