Policy
Configure detection for potentially unwanted applications
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. Enabled: Specify the mode in the Options section: -Block: Potentially unwanted software will be blocked. -Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: Potentially unwanted software will not be blocked. Not configured: Same as Disabled.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Configure detection for potentially unwanted applications ID Root_PUAProtection | enum | HKLM\Software\Policies\Microsoft\Windows Defender\PUAProtection Type REG_DWORD | Options: Disable (Default) (0), Block (1), Audit Mode (2) |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow antimalware service to remain running alwaysAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerAllow antimalware service to startup with normal priorityAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerConfigure local administrator merge behavior for listsAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerConfigure scheduled task times randomization windowAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerControl whether exclusions are visible to local usersAt least Windows Server 2016, Windows 10 Version 1607
- ComputerControl whether or not exclusions are visible to Local AdminsAt least Windows Server 2016, Windows 10 Version 1607
- ComputerDefine addresses to bypass proxy serverAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerDefine proxy auto-config (.pac) for connecting to the networkAt least Windows Server 2016, Windows 10
- ComputerDefine proxy server for connecting to the networkAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerDefine the directory path to copy support log filesAt least Windows Server 2016, Windows 10 Version 1607
- ComputerRandomize scheduled task timesAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerSelect the channel for Microsoft Defender daily security intelligence updatesAt least Windows Server 2016, Windows 10 Version 1607