Enable Audit Mode for PUA Detection in SCCM | ConfigMgr

Posted by Prajwal Desai
Configure PUA Detection in SCCM Antimalware Policy

You can enable Audit mode for PUA detection in SCCM (ConfigMgr) Antimalware policy settings, and it’s easy. In this post we will look at the steps to configure detection for potentially unwanted applications in SCCM to Audit mode via Antimalware policy.

One of the new features in SCCM 2107 is an audit option for potentially unwanted applications (PUA) that was added in the Antimalware policy settings. You can enable audit mode for PUA detection to detect potentially unwanted applications without blocking them.

The PUA protection in audit mode is useful if your company is conducting an internal software security compliance check, and you’d like to avoid any false positives. Enabling protection in audit mode allows you to determine the impact to your endpoints prior to enabling the protection in block mode.

Potentially unwanted applications (PUAs) are not viruses or malware, but these applications are not good for your computer.

One example of a PUA is software that tries to evade detection by antivirus products. Such software is also known as evasion software. Other examples of potentially unwanted applications include software that loads ads while you are browsing and software that installs other programs under the appearance of being trusted.

To enable Audit mode for PUA detection in SCCM Antimalware policy, you can either enable it while creating a new policy or edit an existing policy and configure it.

Enable Audit Mode for PUA Detection in SCCM

The steps to enable Audit mode for PUA Detection in SCCM Antimalware policy are as follows.

  • In the Configuration Manager console, click Assets and Compliance.
  • In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies.
  • Select the Antimalware policy Default Client Antimalware Policy and then, on the Home tab, in the Properties group, click Properties.
  • In the Default Antimalware Policy dialog box, select Real-time protection.
  • Set Configure detection for Potentially unwanted applications to Audit mode.

If you want to enable PUA detection audit mode while creating a new Antimalware policy in SCCM, use the steps below.

  • In the Configuration Manager console, click Assets and Compliance.
  • In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies.
  • On the Home tab, in the Create group, click Create Antimalware Policy.
  • In the General section of the Create Antimalware Policy dialog box, enter a name and a description for the policy.
  • In the Create Antimalware Policy dialog box, configure the Real-time Protection setting.
  • Enable the Audit mode for PUA detection and save the policy.
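
Once either set of steps above has been applied and the policy has reached a client, the result can be checked on that client. The following PowerShell is an added example, not part of the original post: it assumes the client runs Microsoft Defender Antivirus with the built-in Defender module, that PUA detections are logged under event ID 1160 in the Defender operational log, and the function names are hypothetical.

```powershell
# Added example: confirm PUA detection is in Audit mode on a client and list
# what audit mode has flagged. Run in an elevated PowerShell session.

# Values of the Defender PUAProtection preference.
$puaModes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode' }

function Get-PuaProtectionMode {
    # Get-MpPreference ships with the built-in Defender module.
    $value = [int](Get-MpPreference).PUAProtection
    if ($puaModes.ContainsKey($value)) { $puaModes[$value] } else { "Unknown ($value)" }
}

function Get-PuaAuditEvent {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1160   # assumption: PUA detections are recorded under this ID
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when no event matches; treat that as "none".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$mode = Get-PuaProtectionMode
Write-Output ('PUA protection on {0}: {1}' -f $env:COMPUTERNAME, $mode)
if ($mode -ne 'Audit mode') {
    Write-Warning 'PUA detection is not in Audit mode on this client.'
}

# In audit mode these applications were detected but not blocked.
$events = @(Get-PuaAuditEvent -Days 7)
Write-Output ('PUA detections in the last 7 days: {0}' -f $events.Count)
$events | Format-List
```

Reviewing the listed detections for false positives is the impact check to complete before switching the policy to block mode.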
Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.