Replies: 1 comment
-
Hi, With that setting enforced, the user would have to spend time going through group policy editor, find the right policy, change it and refresh local policies to apply the change. Now the user sees the warning about PUA through SmartScreen but has the ability to bypass it if they wish to do so. These programs aren't malware though. Either way, the user being an Admin, has the ability to change the settings whether it's through group policy or Defender's GUI. Running PUAs are still blocked in Defender, but downloading them is allowed, this can let the user download them and then run them in Windows Sandbox or a VM. My goal is to make the policies suitable for as many people as possible without causing too much hassle. Do you think downloading PUAs should also be blocked in policies? I can change that so then the user would have to only use Windows Sandbox or a VM to download + use the PUAs if they wish to do so. Let me know what you think |
Beta Was this translation helpful? Give feedback.
-
After running your script, I got a notification by Microsoft that I should check the checkbox "Block Downloads" in the Windows Security center under
App & browser control
-Reputation-based protection
-Potentially unwanted app blocking
section. I was wondering why this was not activated through your script? What's the reasoning behind it?Beta Was this translation helpful? Give feedback.
All reactions