6

The Windows 10 May 2020 update included a new feature to block potentially unwanted applications (PUA). Thanks to this, I now have an annoying yellow warning sign ⚠️ in my task bar which I would like to get rid of.

You can see the option to dismiss the notification under "App & browser Control" when you click the icon. Clicking on "App & browser Control" takes you to a screen where you can dismiss the warning under "Reputation-based protection." Clicking on "Reputation-based protection settings" brings up yet another option to dismiss it next to "Potentially unwanted app blocking."

Unfortunately all of these are temporary. The warning comes back every couple of days or after every reboot.

I did find this Microsoft Docs article that had instructions to disable PUA using Group Policy. When I go to Group Policy Management Editor > Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus > Configure protection for potentially unwanted applications and set that to "Enabled" with the options drop-down set to "Disable (Default)", it does successfully clear the warning.

This results in a slightly unexpected "Disabled" appearance in the Group Policy editor. It also adds red text stating "This setting is managed by your administrator" over the "Potentially unwanted app blocking" section of the "Reputation-based protection" page.

I also tried the PowerShell commands in the article, but those settings basically just toggled the switch on and off. I do not have Intune or Endpoint Configuration Manager available.

What I would really like to know is: Is there a way the warnings can be dismissed permanently without going through Group Policy and without turning PUA on?

P.S. This is also not about disabling Windows Defender itself, only the notification for PUA protection being turned off.

4
  • If you assign the policy a specific value (Enabled or Disabled), the user will be notified that the setting is managed by a group policy (due to the fact that this is indeed the case). If you want the user to be able to enable or disable it, then you must set it to an unconfigured state and allow the user to disable or enable it. The default state, when it's not configured, is to behave as if it was specifically disabled. So what exactly is your question? If I wasn't confused by your question, I would not ask what your question actually is. Instead of replying with a comment, you should edit the question.
    – Ramhound
    Commented Jul 23, 2020 at 22:47
  • 1
    @Ramhound My primary goal is to get rid of the warning without using Group Policy. That's in the question already. The details about Group Policy are confusing because the behavior is confusing. If you set GP directly to Disabled it acts the same as Not Configured and does not give the red notification text and does not clear the warning. If you set it to Enabled with options set to Disabled (Default) it clears the warning, sets the red text and appears the same as if you set it directly to Disabled in the GP editor. Weird! Should I just remove all the details about group policy to tidy it up?
    – Booga Roo
    Commented Jul 24, 2020 at 1:09
  • What? I am confused by your last comment
    – Ramhound
    Commented Jul 24, 2020 at 1:35
  • I go to Group Policy Management Editor > Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus > MAPS > Send file samples when further analysis is required. I Enable this but select Never Send. This seems to take away the warning.
    – guest
    Commented May 30, 2021 at 3:26

4 Answers 4

3

I was able to figure this out today after pulling what's left of my hair out.

Setting this key gets rid of the notification: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State

AppAndBrowser_PuaSmartScreenOff = 1 {DWORD}
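
An added example, not part of the original answer: a PowerShell script that first reports the effective Defender PUA setting and the current state of the per-user value named above, and only writes the value when run with `-Apply`. It assumes the value behaves as the answer describes; the `-Apply` switch and the report field names are choices made for this example.

```powershell
# Added example, not from the original answer.
# Reports the PUA protection state and the per-user "dismiss" value from the answer.
# Run with -Apply to write the value; without it the script only reads.
param([switch]$Apply)

$statePath = 'HKCU:\SOFTWARE\Microsoft\Windows Security Health\State'
$valueName = 'AppAndBrowser_PuaSmartScreenOff'

# Effective Microsoft Defender Antivirus PUA setting:
# 0 = Disabled, 1 = Enabled (block), 2 = AuditMode.
$pua = (Get-MpPreference).PUAProtection

# Read the current value; $null when the key or the value does not exist.
$current = (Get-ItemProperty -Path $statePath -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName

# Emit a report first so the previous state is on record before any change.
[pscustomobject]@{
    User          = "$env:USERDOMAIN\$env:USERNAME"
    PUAProtection = switch ([int]$pua) {
                        0 { 'Disabled' }
                        1 { 'Enabled' }
                        2 { 'AuditMode' }
                        default { "Unknown ($pua)" }
                    }
    DismissValue  = if ($null -eq $current) { '<not set>' } else { $current }
}

if ($Apply) {
    # Create the key if this profile does not have it yet.
    if (-not (Test-Path -Path $statePath)) {
        New-Item -Path $statePath -Force | Out-Null
    }
    # DWORD 1, exactly as given in the answer. HKCU is per user, so this
    # affects only the account running the script and needs no elevation.
    New-ItemProperty -Path $statePath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "Set $valueName = 1 under $statePath"
}

# To undo the change:
#   Remove-ItemProperty -Path $statePath -Name $valueName
```

Run without `-Apply`, the same script works as an audit check for profiles where PUA protection is off and the warning has been silenced.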

0
1

I am afraid the only solution to get rid of the warning is to enable the feature you don't want to have.

As stated in this thread, you can send a message to Microsoft:

use the Feedback Hub or whatever it's called to comment on features which are missing etc...

I have the Windows 10 version 20H2 and build 19042.746 right now and the problem still persists. But it seems this issue is not going away too soon.

Another person proposes the following solution, which is kind of acceptable:

why not provide an option to prompt me whenever Windows Defenders wants to submit something it considers suspicious? I'm certainly willing to let it do that, but I don't like the idea of the system automatically sending random files and making assumptions on whether or not they contain sensitive data.

PS: Ah, I just realised you are talking about "Potentially unwanted app blocking" and not about "Cloud Based" and "Automatic Sample Submission". Personally, I have that feature disabled and Windows does not prompt me again; it just prompts for the other two I commented on earlier.

1
  • Your link points to this article which shows how to disable sample submission with a registry edit. Unfortunately, it's not working now -- even as admin, I'm not allowed to write to the Windows Defender\Spynet values. I assume this is a "security improvement" since the article was originally published...
    – Coderer
    Commented Aug 23, 2022 at 8:24
0

Something is really wrong in that area of the OS. I have Win11 22H2 running and I got an exclamation mark for the section "App & Browser Control", but there is no entry in the review section and the dismiss button is not doing anything. Are there any log files that tell me the real reason for the exclamation mark?

3
  • As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Oct 4, 2022 at 14:02
  • This appears to be a new question, not an answer. I suggest deleting this, then asking a question so that people will find it and respond to you with answers.
    – Booga Roo
    Commented Oct 4, 2022 at 14:37
  • If you have a new question, please ask it by clicking the Ask Question button. Include a link to this question if it helps provide context. - From Review
    – Toto
    Commented Oct 4, 2022 at 14:55
-1

In Windows 10.0.19042 I have three blocked items in App & browser control, under Reputation-based protection, which are

  • PUAAdvertising:Win32/KuaiZip
  • PUA:Win32/KuaiZip
  • PUA:Win32/CoinMiner

The first one can be removed using Action > Remove, but the latter two cannot, even using the Remove or Quarantine options. The last threat is related to gplyra.exe, which can be removed according to this; in my case there is a gplyra-uninst.exe file.

After choosing the Remove option, even though it was not successful for all three threats, I chose the Dismiss option below App & browser control and the warnings were gone. They are still not shown even after a reboot. I rebooted only once.

1
  • If you have a new question, please ask it by clicking the Ask Question button. Include a link to this question if it helps provide context. - From Review Commented Apr 1, 2022 at 15:30
