18.3.5 Ensure 'Turn on Windows Defender protection against Potentially Unwanted Applications' is set to 'Enabled'
Info
Enabling this Windows Defender feature will protect against Potentially Unwanted Applications (PUA), which are sneaky unwanted application bundlers or their bundled applications to deliver adware or malware.
The recommended state for this setting is: 'Enabled'.
For more information, see this link: Block Potentially Unwanted Applications with Windows Defender AV | Microsoft Docs
Rationale:
This opt-in feature is free and could prevent malicious software from being installed.
Solution
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
Computer Configuration\Policies\Administrative Templates\MS Security Guide\Turn on Windows Defender protection against Potentially Unwanted Applications
Note: This Group Policy path does not exist by default. An additional Group Policy template ('SecGuide.admx/adml') is required - it is available from Microsoft at this link.
Impact:
Applications that are identified by Microsoft as PUA will be blocked at download and install time.
18.3.5 Ensure 'Turn on Windows Defender protection against Potentially Unwanted Applications' is set to 'Enabled'
Info
Solution