Author Topic: AMP family (WD/MSE) can kill some PUA now, like you wish

Offline BenYeeHua

  • Volunteer User Moderator
  • Member#
  • *****
  • Posts: 2243
  • Gender: Male
AMP family (WD/MSE) can kill some PUA now, like you wish
« on: October 29, 2015, 04:04:47 PM »
Looks like Jeremy is right, MS is starting to do something about bundles, well, by starting to kill some PUA (potentially unwanted application) or PUP (potentially unwanted program) with any of the AMP family (WD/MSE/Microsoft Safety Scanner and others that are not for normal users).

They are even crazy enough to detect and remove any iframe that is injected into Bing UX, and it has been enabled since October 28, 2015.
Some PUA are also listed as Severe, so...

Of course they also reach out to the people that provide bundles, telling them why their installer is getting flagged as a virus, and remove it after the newer installer is clean.
Will Java Online Installer be flagged and killed? I have no idea... ::)

For more information, just read the report link below. ;)

Warning, Chinese words, basically it is talking about why WD has started killing many more viruses in the Virus Testing (forum) board. ;)
http://bbs.kafan.cn/thread-1860302-1-1.html

Report about PUA, like what PUA is, how MS names them, kills/uninstalls them etc.
https://www.microsoft.com/security/portal/enterprise/threatreports_october_2015.aspx

The change log of the definition (may be gone after a few new definitions are pushed)
https://www.microsoft.com/security/portal/definitions/whatsnew.aspx?RequestVersion=1.209.596.0&Release=Released&Package=AM

The detailed information about which PUA will be killed; it will be changed when needed, and informed before it is changed.
https://www.microsoft.com/security/portal/mmpc/shared/ObjectiveCriteria.aspx
« Last Edit: November 16, 2015, 01:46:45 PM by BenYeeHua »



Offline BenYeeHua

Re: AMP family (WD/MSE) can kill some PUA now, like you wish
« Reply #1 on: November 16, 2015, 01:48:35 PM »
A little update on this one: you need to enable it yourself, and be aware that enabling it might start getting false reports, and also found that PUA kill is not effective. ::)

http://bbs.kafan.cn/thread-1864226-1-1.html
https://technet.microsoft.com/en-us/library/hh508770.aspx#BKMK_Step1

WD
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
"MpEnablePus"=dword:00000001


MSE
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft AntiMalware\MpEngine]
"MpEnablePus"=dword:00000001
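
A read-only check for the setting in the reply above, as an added example that is not part of the original post: it reads both policy keys from the .reg snippets and reports whether `MpEnablePus` is present as a dword with data 1. The function name `Get-PuaPolicyState` and the status labels are hypothetical; it assumes PowerShell on the local Windows machine.

```powershell
# Added example: audit the PUA policy value named in the post above.
# Key paths and the value name are copied from the post's .reg snippets.
$PolicyKeys = [ordered]@{
    'WD'  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine'
    'MSE' = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft AntiMalware\MpEngine'
}
$ValueName = 'MpEnablePus'

function Get-PuaPolicyState {   # hypothetical helper name
    param([string]$Product, [string]$KeyPath)

    $state = [pscustomobject]@{
        Product = $Product; KeyPath = $KeyPath
        Status  = 'KeyMissing'; Kind = $null; Data = $null
    }
    # The policy key does not exist unless something created it.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $state }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        $state.Status = 'ValueMissing'
        return $state
    }

    $state.Kind = $key.GetValueKind($ValueName)
    $state.Data = $key.GetValue($ValueName)

    # The .reg files in the post write a dword; flag any other type so a
    # mistyped import (for example a string "1") is visible in the report.
    if ($state.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $state.Status = 'WrongType'
    } elseif ($state.Data -eq 1) {
        $state.Status = 'Enabled'
    } else {
        $state.Status = 'NotEnabled'
    }
    return $state
}

# Report both products; normally only one of the two keys is relevant.
$PolicyKeys.GetEnumerator() | ForEach-Object {
    Get-PuaPolicyState -Product $_.Key -KeyPath $_.Value
} | Format-Table Product, Status, Kind, Data -AutoSize
```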