Considering how vulnerable an enterprise environment can be and how sneaky a suspicious browser extension is, Microsoft has decided to add an opt-in feature for enterprise machines. The new PUA protection feature is designed to stop unwanted apps on computers running System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP).
According to Microsoft anti-virus researchers, the new anti-PUA component will be delivered via automatic updates. In other words, the PUA protection updates will be a part of the existing definition updates and cloud protection for MS enterprise clients. Enterprise users will only have to opt into the protection feature, without needing to do any additional configuration. Once the feature is active, it will block the PUA at download and install time.
How to Activate the PUA Protection Feature:
Systems administrators can distribute the PUA protection feature through Group Policy by using the following registry policy setting, according to the product version:
System Center Endpoint Protection, Forefront Endpoint Protection
Key Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\MpEngine
Value Name: MpEnablePus
Note: The following configuration is available for machines that are managed by System Center Endpoint Protection.
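As an added example (not from Microsoft or the original article), the PowerShell sketch below audits the policy value named above on a single machine and, on request, sets it for a local test before Group Policy rollout. The data value is an assumption, since the article does not state it: a DWORD of 1 is taken to mean enabled and 0 disabled. The function names are hypothetical.

```powershell
# Added example: audit and optionally set the PUA opt-in policy value.
# Key path and value name are the ones given in the article.
$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Microsoft Antimalware\MpEngine'
$ValueName = 'MpEnablePus'

function Get-PuaPolicyState {
    # Read-only check: reports whether the opt-in value exists and what it holds.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $data = $null; $kind = $null; $state = 'NotConfigured'
    } else {
        $data = $item.$ValueName
        $kind = (Get-Item -Path $KeyPath).GetValueKind($ValueName)
        if ($kind -ne 'DWord') {
            # A value of the wrong registry type is reported rather than trusted.
            $state = 'WrongType'
        } elseif ($data -eq 1) {
            # Assumption: DWORD 1 = enabled (not stated on the page).
            $state = 'Enabled'
        } else {
            $state = 'Disabled'
        }
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Kind     = $kind
        Value    = $data
        State    = $state
    }
}

function Enable-PuaPolicy {
    # Writes the value locally; needs an elevated session (HKLM policy hive).
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD 1')) {
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        New-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    Get-PuaPolicyState   # return the state after the (possibly skipped) write
}

Get-PuaPolicyState            # audit only
# Enable-PuaPolicy -WhatIf    # preview the change without writing
```

Running `Get-PuaPolicyState` after a Group Policy refresh confirms whether the setting actually reached the machine.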
PUA threat file-naming convention
With the feature enabled, enterprise machines are protected against unwanted software whose threat names start with ‘PUA’, such as PUA.AppGraffiti.
In order for the PUA recognition to work, researcher-driven signatures identify:
- Software bundling technologies
- PUA applications
- PUA frameworks
The only question that remains is why the feature is available only for enterprise computers.