Microsoft现在使您可以在Windows 10上的^{(Windows 10)}Windows Defender中添加针对^{(Windows Defender)}潜在有害程序 (PUP)^{(Potentially Unwanted Programs (PUPs))}或潜在有害应用程序^{(Applications)}( PUA ) 的保护。您需要编辑组策略^{(Group Policy)}、注册表^(Registry)或使用PowerShell。

此功能已由Microsoft专门为企业^(Enterprise)用户宣布，但只需稍加工作，您也可以使其在 Windows 10/8/7 PC 上运行。

The Potentially Unwanted Application protection feature is available only for enterprise customers.  If you are already one of Microsoft’s existing enterprise customers, you need to opt-in to enable and use PUA protection. PUA protection updates are included as part of the existing definition updates and cloud protection for Microsoft’s enterprise customers, says Microsoft.

潜在有害应用程序^{(Potential Unwanted Application)}( PUA ) 或PUP^(PUPs)是基于声誉和研究驱动识别的威胁分类。它们通常是Crapware或Bundleware，以及您确实不希望在您的系统上使用的此类软件，并且可能弊大于利。您可以通过部署反恶意软件策略来保护自己免受PUA或PUP的侵害。^(PUPs)默认情况下禁用此保护策略设置。

阅读：^(Read:) Windows 10 将根据这些标准阻止不需要的软件。

在Windows 10中打开可能不需要的程序保护^{(Potentially Unwanted Programs Protection)}

为此，您必须修改Windows 注册表^{(Windows Registry)}。注册表项根据您的产品版本而有所不同，并且对于System Center Endpoint Protection、Forefront Endpoint Protection、Microsoft Security Essentials或Windows Defender不同，如上图所示。

PUA保护将隔离PUP文件并阻止它们在满足以下条件之一时运行：

1. 正在从浏览器扫描文件
2. 该文件具有 Web 标记集
3. 该文件位于 %downloads% 文件夹中
4. 或者，如果 %temp% 文件夹中的文件。

在开始之前，您应该知道 Windows 10 现在允许您使用Windows 安全性禁用或^{(Windows Security)}启用针对潜在有害应用程序^{(enable protection against Potentially Unwanted Applications)}(PUA) 的保护。

使用组策略

1. 打开 gpedit.msc并导航到以下设置：
2. 计算机^(Computer)配置> Administrative模板 > Windows组件 > Windows Defender 防病毒^{(Windows Defender Antivirus)}。
3. 双击^{(Double-click Configure)}为可能不需要的应用程序配置保护。
4. 选择^(Select)启用以启用PUA保护。
5. 在选项中，选择阻止以阻止可能不需要的应用程序^{(Block to block potentially unwanted applications)}，或选择审核模式^{(Audit Mode)}以测试该设置在您的环境中的工作方式。
6. 选择确定。

重新启动系统。

使用注册表

要使Windows Defender保护您免受可能不需要的程序^(Programs)的侵害，请运行^(Run)regedit 打开注册表编辑器^{(Registry Editor)}并导航到以下项：

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender

在这里，右键单击Windows Defender并选择New > Key > Name为MpEngine。

现在右键单击MpEngine并选择New > DWORD (32-bit) Value > Name为MpEnablePus并为其赋值1。

• 默认值为 0，禁用潜在不需要的应用程序保护^{(Application)}
• 值为 1 时启用可能不需要的应用程序^{(Potentially Unwanted Application)}保护。具有不良行为的应用程序将在下载和安装时被阻止。

重新启动 Windows 计算机。

使用 PowerShell

您还可以使用PowerShell cmdlet 来配置PUA保护功能。使用以下命令：

Set-MpPreference -PUAProtection <PUAProtectionType>

<PUAProtectionType> 的选项：

• 将此 cmdlet 的值设置为Enabled以打开该功能。
• 将其设置为AuditMode以仅检测但不阻止PUA^(PUAs)。
• 将其设置为Disabled以关闭 PUA 保护，

在Windows 10中，当^{(Windows 10)}PUP文件被阻止时，将显示以下对话框：

如果您希望确保 PUA 功能已启用^{(make sure the PUA feature has been enabled)}并正常工作，您可以访问amtso.org单击下载可能不需要的应用程序测试文件^{(Download the Potentially Unwanted Application test file)}链接，并检查它是否被自动阻止下载或运行。

您可以在 Windows Defender 中管理隔离项目^{(manage Quarantined items)}并从隔离区中删除或还原文件^{(remove or restore files from Quarantine in Windows Defender)}。

提示^(TIP)：如果您认为您开发的程序被错误地识别为 PUA ，您可以在^{(wrongfully identified as PUA)}此处^(here)提交文件。

相关阅读^{(Related read)}：在 Edge 浏览器中启用可能不需要的应用程序 (PUA) 保护^{(Enable Potentially Unwanted Application (PUA) protection in Edge browser)}。

这篇文章展示了如何通过更改一些组策略设置将Windows Defender 保护强化到 Windows 10 上的最高级别。^{(harden Windows Defender protection to the highest levels)(This post shows how you can harden Windows Defender protection to the highest levels on Windows 10 by changing a few Group Policy settings.)}

Turn On Potentially Unwanted Program Protection: GPO, Regedit, PowerShell

Microsoft has now mаde іt possible for you to add protection against Potentially Unwanted Programs (PUPs) or Potentially Unwanted Applications (PUA) to your Windows Defender on Windows 10. You need to edit the Group Policy, Registry or use PowerShell.

This feature has been announced by Microsoft exclusively for Enterprise users only, but with a little bit of work, you can make it work on your Windows 10/8/7 PCs too.

The Potentially Unwanted Application protection feature is available only for enterprise customers.  If you are already one of Microsoft’s existing enterprise customers, you need to opt-in to enable and use PUA protection. PUA protection updates are included as part of the existing definition updates and cloud protection for Microsoft’s enterprise customers, says Microsoft.

Potential Unwanted Application (PUA) or PUPs is a threat classification based on reputation and research-driven identification. They are typically Crapware or Bundleware, and such software that you really do not want on your system, and which could potentially do more harm than good. You can protect yourself from PUA or PUPs by deploying an antimalware policy. This protection policy setting is disabled by default.

Read: Windows 10 will block Unwanted Software based on these criteria.

Turn On Potentially Unwanted Programs Protection in Windows 10

To do this, you will have to modify the Windows Registry. The registry key varies according to your product version, and is different for System Center Endpoint Protection, Forefront Endpoint Protection, Microsoft Security Essentials or Windows Defender, as shown in the above image.

PUA protection will quarantine the PUP file and prevent them from running if it meets one of the following conditions:

1. The file is being scanned from the browser
2. The file has Mark of the Web set
3. The file is in the %downloads% folder
4. Or if the file in the %temp% folder.

Before you begin, you should know that Windows 10 now allows you to disable or enable protection against Potentially Unwanted Applications (PUA) using Windows Security.

Using Group Policy

1. Open gpedit.msc and navigate to the following setting:
2. Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus.
3. Double-click Configure protection for potentially unwanted applications.
4. Select Enabled to enable PUA protection.
5. In Options, select Block to block potentially unwanted applications, or select Audit Mode to test how the setting will work in your environment.
6. Select OK.

Restart your system.

Using Registry

To make Windows Defender protect you against Potentially Unwanted Programs, Run regedit to open the Registry Editor and navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender

Here, right-click on Windows Defender and select New > Key > Name it MpEngine.

Now right-click on MpEngine and select New > DWORD (32-bit) Value > Name it MpEnablePus and give it a value 1.

• With a value of 0 which is the default, Potentially Unwanted Application protection is disabled
• With a value of 1 Potentially Unwanted Application protection is enabled. The applications with unwanted behavior will be blocked at download and install-time.

Restart your Windows computer.

Using PowerShell

You can also use a PowerShell cmdlet to configure the PUA protection feature. Use the following command:

Set-MpPreference -PUAProtection <PUAProtectionType>

Options for <PUAProtectionType>:

• Set the value for this cmdlet to Enabled to turn the feature on.
• Set it to AuditMode to only detect but not block the PUAs.
• Set it to Disabled to turn off PUA protection,

In Windows 10, the following dialog box will be displayed, when a PUP file is blocked:

If you wish to make sure the PUA feature has been enabled and is working properly, you may visit amtso.org click on the Download the Potentially Unwanted Application test file link, and check if it is automatically blocked from being downloaded or run.

You can manage Quarantined items and remove or restore files from Quarantine in Windows Defender.

TIP: If you think that a program developed by you has been wrongfully identified as PUA, you can submit the file here.

Related read: Enable Potentially Unwanted Application (PUA) protection in Edge browser.

This post shows how you can harden Windows Defender protection to the highest levels on Windows 10 by changing a few Group Policy settings.

Related posts

• 如何在Windows 10中启用或禁用Tamper Protection

• 在Windows Defender启用和配置Ransomware Protection

• 在Windows 10启用潜在的Unwanted Applications protection

• 使用Group Policy & PowerShell配置受控Folder Access

• 如何在Windows 10的Exploit Protection中添加或排除应用程序

• 如何在Microsoft Defender停止Automatic Sample Submission

• 您的IT administrator已禁用Windows Security

• Windows Information Protection（WIP）自动保护分类文件

• 什么是Windows 10中的App & Browser Control以及如何隐藏它

• 如何打开Windows Security Center在Windows 10

• Update Windows Defender定义使用PowerShell

• Windows Defender在Windows 10中没有自动更新

• Fix Microsoft Defender error 0x80073b01在Windows 10上

• Error 0x800106ba，Windows Defender Application未能初始化

• Block Canvas Fingerprinting在Chrome中Canvas Defender

• 使用ConfigureDefender立即更改Windows Security设置

• 什么是Google Advanced Protection Program？

• Fix Windows Defender error 0x8007139f在Windows 11/10上

• Windows 10中的Remove Windows Defender Notification Icon

• 从Windows Security修改Exploit Protection防止用户