Update detect-block-potentially-unwanted-apps-windows-defender-antivirus.md

lomayor 2019-04-22 15:22:32 -07:00 committed by GitHub
parent 44da7c9d58
commit ef68c23f38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -20,9 +20,9 @@ ms.date: 10/02/2018
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network. The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network.
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation. These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
Typical PUA behavior includes: Typical PUA behavior includes:
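Review bot: In the reworded second paragraph, "considered to have poor reputation" drops the article; the previous wording "a poor reputation" reads correctly and should be kept. The hunk header still shows ms.date: 10/02/2018 as context; because the new first paragraph no longer limits PUA protection to downloading and installing, consider updating that metadata date in the same commit so readers can tell the description has changed.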
@ -37,25 +37,17 @@ These applications can increase the risk of your network being infected with mal
## How it works ## How it works
PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions: Windows Defender Antivirus blocks detected PUA files and attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantined.
- The file is being scanned from the browser When a PUA is detected on an endpoint, Windows Defender Antivirus presents a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
- The file is in a folder with "**downloads**" in the path
- The file is in a folder with "**temp**" in the path
- The file is on the user's desktop
- The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%*
The file is placed in the quarantine section so it won't run.
When a PUA is detected on an endpoint, the endpoint will present a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history).
## View PUA events ## View PUA events
PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. PUA events are reported in the Windows Event Viewer, but not in System Center Configuration Manager or Intune.
Hoever, PUA detections will be reported if you have set up email notifications for detections. You can turn on email notifications for PUA detections.
See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160. See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160.
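Review bot: In the new first paragraph under "How it works", "Blocked PUA files are then moved to quarantined" should read "moved to quarantine", and the sentence before it parses as if Windows Defender Antivirus itself "attempts to download, move, run, or install" the files; wording such as "blocks detected PUA files, and any attempts to download, move, run, or install them" would remove the ambiguity. The change also deletes the whole list of conditions (browser scan, "downloads" and "temp" paths, the desktop, and the %programfiles%, %appdata%, %windows% exclusion) without stating whether they no longer apply; please confirm that blocking is now independent of file location and say so in the commit message, since administrators may have relied on those path rules. In "View PUA events", the new sentence "You can turn on email notifications for PUA detections." gives no link or pointer to where that is configured.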