Microsoft takes on Potentially Unwanted Applications

Starting March 1, 2018Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.


Unwanted software

Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.


Evaluation criteria

Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:

  • Unwanted behaviorThe software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, prevents you from viewing or modifying browser features or settings, makes misleading or inaccurate claims about the state of your PC, or circumvents user consent dialogs from the browser or operating system.
  • AdvertisingThe software delivers out-of-context advertising that interferes with the quality of your computing experience, regardless of whether you consented to this behavior or not.
  • AdvertisementsThe advertisement should not mislead you into visiting another site or downloading files.
  • PrivacyThe software collects, uses, or communicates your information without your explicit consent.
  • Consumer opinionMicrosoft considers input from individual users as a key factor in helping to identify new unwanted behaviors and programs that might interfere with the quality of your computing experience.

The most important part with PUA is the fact that they scary consumers to buy, by presenting unreal and untrue statistics about their computer:

  • Display exaggerated claims about the system’s health.
  • Make misleading or inaccurate claims about files, registry entries, or other items on the system.
  • Decrease computer reliability.
  • Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
  • Suggests that no other actions will correct the reported errors or issues
  • Requires the user to act within a limited period of time to get the purported issue resolved


Read more about these here:


© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: