This post was last edited by ELOHIM on 2015-11-17 20:55
Original link: https://technet.microsoft.com/en ... 770.aspx#BKMK_Step1 Too lazy to translate it..
Potentially Unwanted Application (PUA) is a threat classification based on reputation and research-driven identification. Most commonly, these PUA applications are unwanted application bundlers or their bundled applications.
You can protect your users from PUA by deploying an antimalware policy in your Microsoft System Center 2012 Endpoint Protection Configuration Manager. The protection policy setting is disabled by default. If enabled, this feature will block PUA at download and install time. However, you can exclude specific files or folders to meet the specific needs of your environment.
To create a configuration item to enable PUA protection
- In the Configuration Manager console, click Assets and Compliance.
- In the Assets and Compliance workspace, open the Compliance Settings folder, right-click on Configuration Items, and then click Create Configuration Item.
- In the Configuration Item wizard, select a name and the Windows Desktops and Server (custom) Configuration Item type before clicking Next. Select the targeted operating systems, and go to the next page. Click New to create a new setting.
- In the Create Setting dialog box, select a name for the setting, and specify the following additional information:
  - Data type – Select the Integer type as the value type to be used
  - Hive – Select HKEY_LOCAL_MACHINE as the hive root
  - Key – Select the key according to your product version:

    | Product name | Key |
    | --- | --- |
    | System Center Endpoint Protection | Software\Policies\Microsoft\Microsoft Antimalware\MpEngine\ |
    | Forefront Endpoint Protection | Software\Policies\Microsoft\Microsoft Antimalware\MpEngine\ |
    | Microsoft Security Essentials | Software\Policies\Microsoft\Microsoft Antimalware\MpEngine\ |
    | Windows Defender | Software\Policies\Microsoft\Windows Defender\MpEngine\ |

  - Value – Enter MpEnablePus as the registry value name to be configured
  - Select This registry value is associated with a 64-bit application

  Click the Compliant Rules tab.
- In the Compliant Rules tab, click the New button to create a rule.
- In the Create Rule dialog box, specify the following information:
  - Enter a Name for the rule
  - Select a Rule type of Value
  - Select the Equals operator for the comparison
  - Select a value according to the PUA setting you would like to deploy:

    | Value | Description |
    | --- | --- |
    | 0 (default) | Potentially Unwanted Application protection is disabled |
    | 1 | Potentially Unwanted Application protection is enabled. The applications with unwanted behaviour will be blocked at download and install-time. |

  - Select Remediate noncompliant rules when supported
  - Select Report noncompliance if this setting instance is not found

  Click OK to finish creating the rule.
- In the Create Setting dialog box, click Apply. Click Next until you reach the summary dialog box. Validate the configuration preferences before clicking Next and Close. You have now created the Configuration Item.
Your Configuration Item can be added to a Configuration Baseline and deployed. See How to Create Configuration Baselines for Compliance Settings in Configuration Manager and How to Deploy Configuration Baselines in Configuration Manager for more information.
To exclude specific files or folders
Note: Be careful when you add exclusions because it might reduce the security of the affected machines.
If you believe that an application was incorrectly identified as PUA, submit the file to the Malware Protection Center for evaluation. Include PUA and the detection name in the comments field.
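To verify on a single endpoint what the Configuration Item above evaluates, the following added example (not part of the original post or Microsoft's article) reads MpEnablePus from the 64-bit registry view and reports compliance, optionally remediating. The key paths and value name come from the tables above; the parameter and function names are hypothetical, and treating the Integer data type as REG_DWORD is an assumption.

```powershell
# Added example (not Microsoft's code). Key paths and the MpEnablePus value name are
# taken from the tables above; the parameter and function names are hypothetical.
param(
    [ValidateSet('MicrosoftAntimalware', 'WindowsDefender')]
    [string]$Product = 'WindowsDefender',
    [switch]$Remediate          # write the value when the check fails (needs elevation)
)

$ValueName = 'MpEnablePus'
$Expected  = 1                  # 1 = PUA protection enabled, 0 = disabled (default)
$SubKeys   = @{
    # Shared by System Center Endpoint Protection, Forefront Endpoint Protection and MSE
    MicrosoftAntimalware = 'Software\Policies\Microsoft\Microsoft Antimalware\MpEngine'
    WindowsDefender      = 'Software\Policies\Microsoft\Windows Defender\MpEngine'
}

# Open the 64-bit view explicitly, the equivalent of "This registry value is associated
# with a 64-bit application", so a 32-bit host is not redirected to WOW6432Node.
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry64)

function Get-PuaPolicyState([string]$SubKey) {
    $key = $hklm.OpenSubKey($SubKey)            # read-only; $null when the key is absent
    if ($null -eq $key) { return 'KeyNotFound' }
    try {
        $value = $key.GetValue($ValueName, $null)
        if ($null -eq $value) { return 'ValueNotFound' }
        # Assumption: the Integer setting is stored as REG_DWORD, so a string "1" fails.
        if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            return 'WrongType'
        }
        if ($value -eq $Expected) { return 'Compliant' }
        return 'NonCompliant'
    } finally { $key.Dispose() }
}

$state = Get-PuaPolicyState $SubKeys[$Product]
if ($state -ne 'Compliant' -and $Remediate) {
    $key = $hklm.CreateSubKey($SubKeys[$Product])   # creates the key or opens it writable
    $key.SetValue($ValueName, $Expected, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Dispose()
    $state = "Remediated (was $state)"
}
[pscustomobject]@{ Product = $Product; Key = "HKLM\$($SubKeys[$Product])"; State = $state }
$hklm.Dispose()
```

A missing key or value is reported as a failure rather than skipped, mirroring the "Report noncompliance if this setting instance is not found" option in the rule.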
Longshen really does love digging into things and reading, and reading good books. A thumbs-up for him.