6

The Windows 10 May 2020 update included a new feature to block potentially unwanted applications(PUA). Thanks to this, I now have an annoying yellow warning sign ⚠️ in my task bar which I would like to get rid of.

You can see the option to dismiss the notification under "App & browser Control" when you click the icon. Clicking on "App & browser Control" takes you to a screen where you can dismiss the warning under "Reputation-based protection." Clicking on "Reputation-based protection settings" brings up yet another option to dismiss it next to "Potentially unwanted app blocking."

Unfortunately all of these are temporary. The warning comes back every couple of days or after every reboot.

I did find this Microsoft Docs article that had instructions to disable PUA using Group Policy. When I go to Group Policy Management Editor> Computer configuration> Administrative templates> Windows components> Microsoft Defender Antivirus> Configure protection for potentially unwanted applications and set that to "Enabled" with the options drop down set to "Disable (Default)" it does successfully clear the warning.

This results in a slightly unexpected "Disabled" appearance in the Group Policy editor. It also adds red text stating "This setting is managed by your administrator" over the "Potentially unwanted app blocking" section of the "Reputation-based protection" page.

I also tried the PowerShell commands in the article, but those settings basically just toggled the switch on and off. I do not have Intune or Endpoint Configuration Manager available.

What I would really like to know is: Is there a way the warnings can be dismissed permanently without going through Group Policy and without turning PUA on?

P.S. This is also not about disabling Windows Defender itself, only the notification for PUA protection being turned off.

Booga Roo
  • 733
  • 1
  • 7
  • 14
  • If you assign the policy a specific value (Enabled or Disabled) the user will be notified the setting is managed by a group policy (due to the fact that is indeed the case). If you want the user to be able to enable or disable it, then you must set it to the an unconfigured state, and allow the user to disable or enable it. The default state, when it's not configured, is behave as it was specifically disabled. So what exactly is your question?.If I wasn't confused by your question, I would not ask, what your question actually is. Instead of replying with a comment you should edit the question – Ramhound Jul 23 '20 at 22:47
  • 1
    @Ramhound My primary goal is to get rid of the warning without using Group Policy. That's in the question already. The details about Group Policy are confusing because the behavior is confusing. If you set GP directly to Disabled it acts the same as Not Configured and does not give the red notification text and does not clear the warning. If you set it to Enabled with options set to Disabled (Default) it clears the warning, sets the red text and appears the same as if you set it directly to Disabled in the GP editor. Weird! Should I just remove all the details about group policy to tidy it up? – Booga Roo Jul 24 '20 at 01:09
  • What? I am confused by your last comment – Ramhound Jul 24 '20 at 01:35
  • I go to Group Policy Management Editor> Computer configuration> Administrative templates> Windows components> Microsoft Defender Antivirus> MAPS > Send file samples when further analysis is required. I Enable this but select Never Send. This seems to take away the warning. – guest May 30 '21 at 03:26

4 Answers4

3

I was able to figure this out today after pulling what's left of my hair out.

Setting this key gets rid of the notification: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State

AppAndBrowser_PuaSmartScreenOff = 1 {DWORD}

KeppsLock
  • 46
  • 2
1

I am afraid the only solution to get rid of the warning is to enable the feature you don't want to have.

As stated in this thread, you can send a message to Microsoft:

use the Feedback Hub or whatever it's called to comment on features which are missing etc...

I have the Windows 10 version 20H2 and build 19042.746 right now and the problem still persists. But it seems this issue is not going away too soon.

Another person proposes the following solution, which is kind of acceptable:

why not provide an option to prompt me whenever Windows Defenders wants to submit something it considers suspicious? I'm certainly willing to let it do that, but I don't like the idea of the system automatically sending random files and making assumptions on whether or not they contain sensitive data.

PS: Ah, I just realised you are talking about "Potentially unwanted app blocking." and not about "Cloud Based" and "Automatic Sample Submission". Personally I have that feature disabled and Windows do not prompt me again, it just prompt the other two I have commented earlier.

ChesuCR
  • 181
  • 1
  • 8
  • Your link points to [this article](http://tech-soft3.blogspot.com/2016/05/windows-10-tip-disable-data-collection.html) which shows how to disable sample submission with a registry edit. Unfortunately, it's not working now -- even as admin, I'm not allowed to write to the `Windows Defender\Spynet` values. I assume this is a "security improvement" since the article was originally published... – Coderer Aug 23 '22 at 08:24
0

Something is really wrong in that area of the OS. I have Win11 22H2 running and I got an exclamation mark for the section "App & Browser Control" but there is no entry in the review-section and the dismiss-button is not doing anything. Is there any log-files that tells me the real reason for the exclamation mark?

Carsten Giese
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Oct 04 '22 at 14:02
  • This appears to be a new question, not an answer. I suggest deleting this, then [asking a question](https://superuser.com/questions/ask) so that people will find it and respond to you with answers. – Booga Roo Oct 04 '22 at 14:37
  • If you have a new question, please ask it by clicking the [Ask Question](https://superuser.com/questions/ask) button. Include a link to this question if it helps provide context. - [From Review](/review/late-answers/1149459) – Toto Oct 04 '22 at 14:55
-1

In Windows 10.0.19042 I have three blocked items in App & browser control, under Reputation-based protection, which are

  • PUAAdvertising:Win32/KuaiZip
  • PUA:Win32/KuaiZip
  • PUA:Win32/CoinMiner

The first one can be removed using Action > Remove but the later two can not even using Remove or Quarantine options. The last threat is related to gplyra.exe which can be removed according to this, which in my case there is gplyra-uninst.exe file.

After choose the option Remove even not all successfull for the three threats, the Dismiss option below App & browser control is chosen and the warnings are gone. And they are still not shown even after reboot. I do only once reboot.

dudung
  • 101
  • 3
  • If you have a new question, please ask it by clicking the [Ask Question](https://superuser.com/questions/ask) button. Include a link to this question if it helps provide context. - [From Review](/review/late-answers/1117344) – DarkDiamond Apr 01 '22 at 15:30