From fd64c2be01605a7cb4e5e4f3612d15c321a8f5f9 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 27 Sep 2019 15:38:16 -0700 Subject: [PATCH 1/4] Add topic on PUA protection --- windows/security/threat-protection/TOC.md | 4 +- .../microsoft-defender-atp-mac-pua.md | 65 +++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index eaedfb4d15..6a27a1ebb9 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -310,7 +310,9 @@ ##### [Deployment with a different Mobile Device Management (MDM) system](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md) ##### [Manual deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md) #### [Update Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-updates.md) -#### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md) +#### [Configure Microsoft Defender ATP for Mac]() +##### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md) +##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/microsoft-defender-atp-mac-pua.md) #### [Privacy for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md) #### [Resources for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-resources.md) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md new file mode 100644 index 0000000000..7fba2cb737 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md 
@@ -0,0 +1,65 @@ +--- +title: Detect and block potentially unwanted applications +ms.reviewer: +description: Describes how to detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender ATP for Mac. +keywords: microsoft, defender, atp, mac, pua, pus +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Detect and block potentially unwanted applications + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +The potentially unwanted application (PUA) protection feature in Microsoft Defender ATP for Mac can detect and block PUAs on endpoints in your network. + +These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation. + +These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications. + +## How it works + +Microsoft Defender ATP for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine. + +When a PUA is detected on an endpoint, Microsoft Defender ATP for Mac presents a notification to the user (unless notifications have been disabled) in the same format as normal threat detections (but will contain "Application" in the threat name). + +## Configure PUA protection + +PUA protection in Microsoft Defender ATP for Mac can be configured in one of the following ways: +- **Off**: PUA protection is disabled. 
+- **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product. +- **Block**: PUA files are reported in the product logs and in Microsoft Defender Security Center, the user is presented with a notification and action is taken by the product. + +>[!WARNING] +>By default, PUA protection is configured in **Audit** mode. + +You can configure how PUA files are handled by the product from the command line or from the management console. + +### Use the command-line tool to configure PUA protection: + +In Terminal, execute the following command in order to configure PUA protection: + +```bash +$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block] +``` + +### Use the management console to configure PUA protection: + +In your enterprise, you can configure PUA protection from a management console (such as JAMF or Intune) similarly to how other product settings are configured. Refer to the [threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic for more information. + +## Related topics + +- [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) \ No newline at end of file From d63446d9f1ecf5654897c7397510d098a95d5b11 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 27 Sep 2019 16:22:34 -0700 Subject: [PATCH 2/4] Styling & grammar --- .../microsoft-defender-atp-mac-pua.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md index 7fba2cb737..ce8dcd3fed 100644 
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md 
@@ -34,23 +34,24 @@ These applications can increase the risk of your network being infected with mal Microsoft Defender ATP for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine. -When a PUA is detected on an endpoint, Microsoft Defender ATP for Mac presents a notification to the user (unless notifications have been disabled) in the same format as normal threat detections (but will contain "Application" in the threat name). +When a PUA is detected on an endpoint, Microsoft Defender ATP for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application". ## Configure PUA protection PUA protection in Microsoft Defender ATP for Mac can be configured in one of the following ways: + - **Off**: PUA protection is disabled. - **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product. -- **Block**: PUA files are reported in the product logs and in Microsoft Defender Security Center, the user is presented with a notification and action is taken by the product. +- **Block**: PUA files are reported in the product logs and in Microsoft Defender Security Center. The user is presented with a notification and action is taken by the product. >[!WARNING] >By default, PUA protection is configured in **Audit** mode. -You can configure how PUA files are handled by the product from the command line or from the management console. +You can configure how PUA files are handled from the command line or from the management console. ### Use the command-line tool to configure PUA protection: -In Terminal, execute the following command in order to configure PUA protection: +In Terminal, execute the following command to configure PUA protection: ```bash $ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block] 
@@ -58,7 +59,7 @@ $ mdatp --threat --type-handling potentially_unwanted_application [off|audit|blo ### Use the management console to configure PUA protection: -In your enterprise, you can configure PUA protection from a management console (such as JAMF or Intune) similarly to how other product settings are configured. Refer to the [threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic for more information. +In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, refer to the [Threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic. ## Related topics From c8ca073d7d3ccc69557cc6a14ae4625345d1efcb Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 27 Sep 2019 16:26:56 -0700 Subject: [PATCH 3/4] More styling --- .../microsoft-defender-atp-mac-pua.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md index ce8dcd3fed..db2f58ca98 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md 
@@ -59,7 +59,7 @@ $ mdatp --threat --type-handling potentially_unwanted_application [off|audit|blo ### Use the management console to configure PUA protection: -In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, refer to the [Threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic. +In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic. ## Related topics From 885dec62618e2c09e0f5bec7a083a3cb185aa8a3 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 27 Sep 2019 16:34:52 -0700 Subject: [PATCH 4/4] Update wording --- .../microsoft-defender-atp-mac-pua.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md index db2f58ca98..2696590c99 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md 
@@ -24,7 +24,7 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) -The potentially unwanted application (PUA) protection feature in Microsoft Defender ATP for Mac can detect and block PUAs on endpoints in your network. +The potentially unwanted application (PUA) protection feature in Microsoft Defender ATP for Mac can detect and block PUA files on endpoints in your network. These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
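Review bot: In the TOC.md hunk of PATCH 1/4, the new parent entry `#### [Configure Microsoft Defender ATP for Mac]()` has an empty link target, while every other entry visible in the hunk points at a page. If the node is meant only as a grouping header, confirm that the TOC build accepts an empty target; otherwise point it at a landing page. The new child entry also capitalizes "Potentially Unwanted Applications", while the page's own `title:` and H1 use "potentially unwanted applications"; pick one form.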
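Review bot: In the new microsoft-defender-atp-mac-pua.md added by PATCH 1/4, the `[!WARNING]` block says only that the default is **Audit** and leaves the reader to work out the consequence from the bullet list above it: in that mode detections go to the product logs only, nothing reaches Microsoft Defender Security Center, the user is not notified and no action is taken. State that in the warning itself, and say where the product logs are and how to check which mode is in effect, since the page gives neither. "How it works" also says "blocking mode" where the setting is named **Block**; use the same name in both places. The file ends without a trailing newline.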
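Review bot: The first hunk of PATCH 2/4 tidies the sentence above the command but leaves the command line as it was: `$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]` keeps the `$ ` prompt inside a `bash` fence, so a copied line will not run, and the square brackets read as an optional argument although the page presents these as the three values to choose from. Drop the prompt and show one concrete invocation, naming the other two values in the sentence above. In the same hunk the **Block** bullet still says "action is taken by the product" without naming the action; "How it works" already says the file is moved to the quarantine, so repeat that here. The reworded notification sentence drops "in the same format as normal threat detections", which is a content change rather than styling and should be mentioned in the commit message if intended.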
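Review bot: PATCH 3/4 changes only "refer to" to "see" in the management-console sentence that the second hunk of PATCH 2/4 rewrote a few minutes earlier. Squash it into 2/4 so the sentence changes once in the history. The phrase "similarly to how other product settings are configured" survives both passes and would read better as "in the same way as other product settings".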
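Review bot: In PATCH 4/4, changing "PUAs" to "PUA files" in the opening sentence leaves the unchanged paragraph that follows ("These applications are not considered viruses ...") without a matching antecedent, since the preceding sentence now talks about files. Either keep "applications" in the first sentence or start the next paragraph with "Potentially unwanted applications are not considered ...". The context line "considered to have poor reputation" is also missing an article ("a poor reputation") and could be fixed in the same commit.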