How to Configure Windows to Block Potentially Unwanted Applications

A recent Windows 10 security update includes one of the most useful new security features that Microsoft has released in quite some time. It’s a mechanism that is designed to block the installation of what Microsoft calls potentially unwanted applications, or PUAs.

Potentially unwanted applications are essentially applications that you probably don’t want installed on your system. There is a well-known website, for instance, that acts as a repository for various types of free software (freeware, trials, etc.). The problem with using this particular website is that it often features prominently placed download buttons that, when clicked, cause an unwanted application to be downloaded instead of the intended application. The site does provide legitimate download links, as it claims, but visitors are often hard pressed to differentiate between the real download link and the fake one. Even if a visitor to the site does manage to click the right link, his or her download may be bundled with other software that they do not want.

These are all examples of potentially unwanted software. Other examples might include malware or applications that are silently installed when a user visits a website.

To block potentially unwanted applications, log into Windows 10, and make sure that the operating system has been fully updated with all of the latest patches. Then go to Settings and click Update and Security, followed by Windows Security. The Windows Security page that pops up defines several different protection areas, such as virus and threat protection, account protection, and firewall and network protection. You can see the available options in Figure 1.

PUA 1

Figure 1

The Windows Security page lists a number of different protection areas.

At this point, you will need to click on the App and Browser Control option. This will cause Windows to open the App and Browser Control screen shown in Figure 2.

PUA 2

Figure 2

The App and Browser Control screen provides an option to turn on reputation-based protection.

As you look at the figure above, you will notice that the screen contains a section called reputation-based protection. This is where you go to enable protection against potentially unwanted applications. As you can see in the figure, however, reputation-based protection is disabled by default. You will therefore need to click the Turn On button to enable the feature.

When you click the Turn On button, the button will disappear and will be replaced by a link to the reputation-based protection settings. Click on this link. Upon doing so, Windows will display the screen that is shown in Figure 3.

PUA 3

Figure 3

The reputation-based protection screen provides options for protecting your system against the installation of potentially unwanted applications.

As you can see in the screen capture, the settings related to reputation-based protection are rather simple and straightforward. There is a slide bar that you can use to turn Potentially Unwanted Applications blocking on, and there are two checkboxes for blocking unwanted apps and blocking unwanted downloads. There is also a Protection History link that you can click to see if Windows has blocked any applications from being downloaded or installed.

These configuration options are so simple because Windows does all of the heavy lifting behind the scenes. Microsoft maintains a collection of information about the reputation of various applications. If a user attempts to download or install an application that has a bad reputation (even unknowingly), these settings will block the application.

While you are on the reputation-based protection screen, it is worth taking a moment to review the other protective mechanisms that are available. As you can see in the figure, there are currently three additional settings available to you. The Check Apps and Files setting allows Microsoft Defender SmartScreen to check for unrecognized items being downloaded from the web. Enabling the SmartScreen for Edge setting tells Microsoft Defender SmartScreen to block malicious sites and downloads. Finally, the SmartScreen for Microsoft Store Apps setting helps to protect you against malicious web content used by Microsoft store apps.

None of these settings is designed to take the place of antimalware software, but they do add an extra layer of protection. As a best practice, it is a good idea to enable all of these settings on your users’ machines.