deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #9061 from illfated/patch-2

Browse Source 
#9053 MarkDown code blocks & whitespace
This commit is contained in:
Denise Vangel-MSFT 2021-02-03 09:26:30 -08:00 committed by GitHub
commit 2f415a8c94
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
View File

@ -11,7 +11,7 @@ author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.custom: nextgen ms.custom: nextgen
audience: ITPro audience: ITPro
ms.date: 02/01/2021 ms.date: 02/03/2021
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: mde
@ -112,21 +112,13 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
#### Use Group Policy to configure PUA protection #### Use Group Policy to configure PUA protection
1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157) 1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). 2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
3. Select the Group Policy Object you want to configure, and then choose **Edit**. 3. Select the Group Policy Object you want to configure, and then choose **Edit**.
4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. 4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**. 5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**.
6. Double-click **Configure detection for potentially unwanted applications**. 6. Double-click **Configure detection for potentially unwanted applications**.
7. Select **Enabled** to enable PUA protection. 7. Select **Enabled** to enable PUA protection.
8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**. 8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**.
9. Deploy your Group Policy object as you usually do. 9. Deploy your Group Policy object as you usually do.
#### Use PowerShell cmdlets to configure PUA protection #### Use PowerShell cmdlets to configure PUA protection
@ -134,19 +126,17 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
##### To enable PUA protection ##### To enable PUA protection
```PowerShell ```PowerShell
Set-MpPreference -PUAProtection Enabled Set-MpPreference -PUAProtection Enabled
``` ```
Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled. Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled.
##### To set PUA protection to audit mode ##### To set PUA protection to audit mode
```PowerShell ```PowerShell
Set-MpPreference -PUAProtection AuditMode Set-MpPreference -PUAProtection AuditMode
``` ```
Setting `AuditMode` detects PUAs without blocking them. Setting `AuditMode` detects PUAs without blocking them.
##### To disable PUA protection ##### To disable PUA protection
@ -154,10 +144,9 @@ Setting `AuditMode` detects PUAs without blocking them.
We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet: We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet:
```PowerShell ```PowerShell
Set-MpPreference -PUAProtection Disabled Set-MpPreference -PUAProtection Disabled
``` ```
Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled. Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled.
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
@ -167,7 +156,6 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example: PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example:
```console ```console
CategoryID : 27 CategoryID : 27
DidThreatExecute : False DidThreatExecute : False
IsActive : False IsActive : False