Last Update: Sep 04, 2024 | Published: Jun 10, 2020
Windows 10 protects users from malicious downloads using a feature called SmartScreen. Windows Defender SmartScreen uses reputation-based protection to defend users against phishing and malware websites and applications, and potentially malicious files.
SmartScreen has two mechanisms for protecting users. First, it analyzes webpages for suspicious behavior. Secondly, sites and apps are checked against a constantly updated list of reported malicious sites. If a webpage is deemed suspect or it is on Microsoft’s list, SmartScreen displays a warning that the page may not be safe.
Potentially Unwanted Apps (PUA) are not viruses or malware. Microsoft defines PUAs as other types of threats that might affect Windows performance or use; or that have a poor reputation. Examples of PUAs include software that contains advertising, app installers that bundle offers to install other software that isn’t signed by the same certificate as the downloaded file, and apps that are designed to evade security software.
Users that are running the Windows 10 May 2020 Update or later can enable PUA protection in the Windows Security app.
If you are using the new Edge browser, enabling PUA Block downloads in Windows Security turns on PUA protection in the browser settings, which you can find here: edge://settings/privacy
If you are using an earlier version of Windows 10, PUA protection can be enabled using Group Policy. All you need to do is enable the Configure detection for potentially unwanted applications setting under Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus.
Once Configure detection for potentially unwanted applications is set to Enabled, choose Block or Audit mode from the menu under Options. Selecting Block displays a warning message to users if a malicious app is detected. Audit mode records an event in the event log without displaying a warning message to users.
For more information on using Group Policy, see How to Create and Link a Group Policy Object in Active Directory on Petri.
As I mentioned above, the new Microsoft Edge browser also has a setting where you can enable PUA protection.
PUA protection isn’t enabled by default in the Windows 10 May 2020 Update. If you haven’t already tested the feature, run a pilot in your organization to determine whether it is effective and that it doesn’t block files that users need to download. You can test out PUA protection and other SmartScreen protections at the SmartScreen demo pages here.