Potentially unwanted applications

Grayware or Potentially Unwanted Application (PUA) is a broad category of software, whose intent is not as unequivocally malicious as with other types of malware, such as viruses or trojan horses. It may however install additional unwanted software, change the behavior of the digital device, or perform activities not approved or expected by the user.

Categories that may be considered grayware include: advertising display software, download wrappers, various browser toolbars, software with misleading behavior, bundleware, trackware, crypto-miners, registry cleaners (Windows operating systems only) or any other borderline software, or software that uses illicit or at least unethical business practices (despite appearing legitimate) and might be deemed undesirable by an end user who became aware of what the software would do if allowed to install.

A Potentially Unsafe Application is one that is in itself legitimate (possibly commercial) software but which might be misused by an attacker. Detection of these types of application can be enabled or disabled by users of ESET software.

There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks. For this reason, ESET assigns such applications a lower-risk category compared to other types of malicious software, such as trojan horses or worms.

Warning - Potentially unwanted application found

Potentially unwanted applications - Settings

Potentially unwanted applications - Software wrappers

Potentially unwanted applications - Registry cleaners

Potentially unwanted content

Warning - Potentially unwanted application found

When a potentially unwanted application is detected, you can decide which action to take:

1.Clean/Disconnect: This option ends the action and prevents the PUA from entering your system.
You will see the Disconnect option for PUA notifications during download from a website and the Clean option for notifications for a file on disk.

2.Ignore: This option allows a PUA to enter your system.

3.Exclude from detection: To allow the detected file that is already on the computer to run in the future without interruption, click Advanced options, select the check box next to Exclude from detection and click Ignore.

4.Exclude signature from detection: To allow all files identified by a specific detection name (signature) to run on your computer in the future without interruption (from existing files or web download), click Advanced options, select the check box next to Exclude signature from detection and click Ignore. If additional detection windows with an identical detection name are displayed immediately afterward, click Ignore to close them (any additional windows are related to a detection that occurred before you excluded signature from detection).

PUA_INTERACTIVE

Potentially unwanted applications - Settings

While installing your ESET product, you can decide whether to enable detection of potentially unwanted applications, as shown below:

hmtoggle_plus0 Click to open a screenshot

warning

Warning

Potentially unwanted applications may install adware, toolbars, or contain other unwanted and unsafe program features.

These settings can be modified in your program settings at any time. To enable or disable the detection of Potentially unwanted, unsafe or suspicious applications, follow these instructions:

1.Open your ESET product – How do I open my ESET product?

2.Press the F5 key to access Advanced setup.

3.Click Detection engine (in earlier versions also known as Antivirus or Computer) and enable or disable options Enable detection of potentially unwanted applications, Enable detection of potentially unsafe applications and Enable detection of suspicious applications according to your preferences. Confirm by clicking OK.
 
hmtoggle_plus0 Click to open a screenshot

example

Illustrated instructions

For more detailed instructions how to configure products to detect or ignore PUAs, visit ESET Knowledgebase articles:

ESET NOD32 Antivirus / ESET Internet Security / ESET Smart Security Premium

ESET Cyber Security for macOS / ESET Cyber Security Pro for macOS

ESET Endpoint Security / ESET Endpoint Antivirus for Windows

ESET Mobile Security for Android

Potentially unwanted applications - Software wrappers

A software wrapper is a special type of application modification that is used by some file-hosting websites. It is a third-party tool that installs the program you intended to download but adds additional software, such as toolbars or adware. The additional software may also make changes to your web browser’s home page and search settings. Also, file-hosting websites often do not notify the software vendor or download recipient that modifications have been made, and often hide options to opt out. For these reasons, ESET classifies software wrappers as a type of potentially unwanted application to allow users to accept the download or not.

Potentially unwanted applications - Registry cleaners

Registry cleaners are programs that may suggest that the Windows registry database requires regular maintenance or cleaning. Using a registry cleaner might introduce some risks to your computer system. Additionally, some registry cleaners make unqualified, unverifiable or otherwise unsupportable claims about their benefits and/or generate misleading reports about a computer system based on the results of a "free scan". These misleading claims and reports seek to persuade you to purchase a full version or subscription, usually without allowing you to evaluate the registry cleaner before payment. For these reasons, ESET classifies such programs as PUA and provides you the option to allow or to block them.

Potentially unwanted content

If PUA detection is enabled in your ESET product, websites that have a reputation for promoting PUAs or that have a reputation for misleading users into performing actions that might have negative implications on their system or browsing experience will be blocked as potentially unwanted content. If you receive a notification that a website you are attempting to visit is categorized as potentially unwanted content, you can click Go Back to navigate away from the blocked web page or click Ignore and continue to allow the site to load.

hmtoggle_plus0 Click to open a screenshot

Further information about this topic can be found in this ESET Knowledgebase article.