deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-8300464

Browse Source
This commit is contained in:
LizRoss
2016-08-03 07:36:12 -07:00
parent 3ed776038f 3f86a1f7d5
commit 9ca0c21166
11 changed files with 199 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
View File

@ -32,7 +32,7 @@ Since the stakes are higher in an enterprise environment, the potential disaster
##Enable PUA protection in SCCM and Intune
The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Microsoft Intune in their infrastructure.
The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Intune in their infrastructure.
###Configure PUA in SCCM
@ -53,10 +53,8 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run
a. Click **Start**, type **powershell**, and press **Enter**.
b. Click **Windows PowerShell** to open the interface.
> [!NOTE]
> You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
2. Enter the PowerShell command:
```text
@ -89,15 +87,12 @@ You can find a complete list of the Microsoft antimalware event IDs, the symbol,
##What PUA notifications look like
When a detection occurs, end users who enabled the PUA detection feature will see the following notification:<br>
When a detection occurs, end users who enabled the PUA detection feature will see the following notification:
![Image showing the potentally unwanted application detection](images/pua1.png)
To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**.<br>
To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**.
![Image showing the potentally unwanted application detection history](images/pua2.png)
##PUA threat file-naming convention
##PUA threat naming convention
When enabled, potentially unwanted applications are identified with threat names that start with “PUA:”, such as, PUA:Win32/Creprote.
@ -105,6 +100,5 @@ When enabled, potentially unwanted applications are identified with threat names
PUA protection quarantines the file so they wont run. PUA will be blocked only at download or install-time. A file will be included for blocking if it has been identified as PUA and meets one of the following conditions:
* The file is being scanned from the browser
* The file has [Mark of the Web](https://msdn.microsoft.com/en-us/library/ms537628%28v=vs.85%29.aspx) set
* The file is in the %downloads% folder
* Or if the file in the %temp% folder