deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Removed items per last min feedback

Browse Source 
Removed Scott Molenkamp's last minute feedback
This commit is contained in:
Dolcita Montemayor
2016-08-03 11:07:20 +10:00
parent b64fd08e3f
commit 6e947b2fa7
1 changed files with 5 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
View File

@ -32,7 +32,7 @@ Since the stakes are higher in an enterprise environment, the potential disaster
**Enable PUA protection in SCCM and Intune**
The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Microsoft Intune in their infrastructure.
The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Intune in their infrastructure.
***Configure PUA in SCCM***
@ -43,7 +43,6 @@ If you are using these versions | See these topics
System Center Configuration Manager (current branch) version 1606 | [Create a new antimalware policy](https://technet.microsoft.com/en-US/library/mt613199.aspx#To-create-a-new-antimalware-policy)<br>[Real-time Protection Settings](https://technet.microsoft.com/en-US/library/mt613199.aspx#Real-time-Protection-Settings)
System Center 2012 R2 Endpoint Protection<br>System Center 2012 Configuration Manager<br>System Center 2012 Configuration Manager SP1<br>System Center 2012 Configuration Manager SP2<br>System Center 2012 R2 Configuration Manager<br>System Center 2012 Endpoint Protection SP1<br>System Center 2012 Endpoint Protection<br>System Center 2012 R2 Configuration Manager SP1| [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA)
***Use PUA audit mode in SCCM***
You can use PowerShell to detect PUA without blocking them. In fact, you can run audit mode on individual machines. This feature is useful if your company is conducting an internal software security compliance check and youd like to avoid any false positives.
@ -53,10 +52,7 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run
a. Click **Start**, type **powershell**, and press **Enter**.
b. Click **Windows PowerShell** to open the interface.
> [!NOTE]
> You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
> **Note:**&nbsp;&nbsp;You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
2. Enter the PowerShell command:
```text
@ -89,15 +85,12 @@ You can find a complete list of the Microsoft antimalware event IDs, the symbol,
**What PUA notifications look like**
When a detection occurs, end users who enabled the PUA detection feature will see the following notification:<br>
When a detection occurs, end users who enabled the PUA detection feature will see the following notification:
![Image showing the potentally unwanted application detection](images/pua1.png)
To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**.<br>
To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**.
![Image showing the potentally unwanted application detection history](images/pua2.png)
**PUA threat file-naming convention**
**PUA threat-naming convention**
When enabled, potentially unwanted applications are identified with threat names that start with “PUA:”, such as, PUA:Win32/Creprote.
@ -105,6 +98,5 @@ When enabled, potentially unwanted applications are identified with threat names
PUA protection quarantines the file so they wont run. PUA will be blocked only at download or install-time. A file will be included for blocking if it has been identified as PUA and meets one of the following conditions:
* The file is being scanned from the browser
* The file has [Mark of the Web](https://msdn.microsoft.com/en-us/library/ms537628%28v=vs.85%29.aspx) set
* The file is in the %downloads% folder
* Or if the file in the %temp% folder