Policy

Configure detection for potentially unwanted applications

Microsoft Windows

Back to Microsoft Defender AntivirusBack to main
Configure detection for potentially unwanted applications
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Microsoft Defender Antivirus
Supported on
At least Windows Server 2016, Windows 10 Version 1607

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. Enabled: Specify the mode in the Options section: -Block: Potentially unwanted software will be blocked. -Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: Potentially unwanted software will not be blocked. Not configured: Same as Disabled.

Internal name
Root_PUAProtection
Policy ID
e8d8ad2ca611
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Configure detection for potentially unwanted applications
ID Root_PUAProtection
enum
Path
Software\Policies\Microsoft\Windows Defender
Value name
PUAProtection
Type
REG_DWORD
Options: Disable (Default) (0), Block (1), Audit Mode (2)
Configure detection for potentially unwanted applications
Computer · Type enum
Registry mapping
Path
Software\Policies\Microsoft\Windows Defender
Value name
PUAProtection
Type
REG_DWORD
Details
Options: Disable (Default) (0), Block (1), Audit Mode (2)