ESET Online Help

Search English
Select the topic

Potentially unwanted applications

Grayware or Potentially Unwanted Application (PUA) is a broad software category whose intent is not as unequivocally malicious as with other types of malware, such as viruses or trojans. It may, however, install additional unwanted software, change the behavior of the digital device, or perform activities not approved or expected by the user.

Categories that may be considered grayware include advertising display software, download wrappers, various browser toolbars, software with misleading behavior, bundleware, trackware, proxyware (internet-sharing applications), crypto-miners, registry cleaners (Windows operating systems only) or any other borderline software, or software that uses illicit or at least unethical business practices (despite appearing legitimate) and might be deemed undesirable by an end user who became aware of what the software would do if allowed to install.

A Potentially Unsafe Application is legitimate (possibly commercial) software attackers might misuse. Users of ESET software can turn on or off detection of these types of applications.

In some situations, a user may feel that the benefits of a potentially unwanted app outweigh the risks. For this reason, ESET assigns such applications a lower-risk category compared to other types of malicious software, such as trojans or worms.

Warning - Potentially unwanted application found


Software wrappers

Registry cleaners

Potentially unwanted content


Illustrated instructions

See our ESET Knowledgebase article to scan and remove Potentially Unwanted Applications (PUAs) in ESET Windows home products.

Warning - Potentially unwanted application found

When a potentially unwanted application is detected, you can decide which action to take:

1.Clean/Disconnect: This option ends the action and prevents the PUA from entering your system.
You will see the Disconnect option for PUA notifications during download from a website and the Clean option for notifications for a file on disk.

2.Ignore: This option allows a PUA to enter your system.

3.Exclude from detection: To allow the detected file that is already on the computer to run in the future without interruption, click Advanced options, select the check box next to Exclude from detection and click Ignore.

4.Exclude signature from detection: To allow all files identified by a specific detection name (signature) to run on your computer in the future without interruption (from existing files or web download), click Advanced options, select the check box next to Exclude signature from detection and click Ignore. If additional detection windows with an identical detection name are displayed immediately afterward, click Ignore to close them (any additional windows are related to a detection that occurred before you excluded signature from detection).



While installing your ESET product, you can decide whether to enable the detection of potentially unwanted applications, as shown below:





Potentially unwanted applications may install adware and toolbars or contain other unwanted and unsafe program features.

You can modify these settings in your program settings at any time. To enable or disable the detection of Potentially unwanted, unsafe or suspicious applications, follow these instructions:

1.Open your ESET product.

2.Press the F5 key to access Advanced setup.

3.Click Detection engine (in earlier versions also known as Antivirus or Computer) and enable or disable options Enable detection of potentially unwanted applications, Enable detection of potentially unsafe applications and Enable detection of suspicious applications according to your preferences. Confirm by clicking OK.




Illustrated instructions

For more detailed instructions on how to configure products to detect or ignore PUAs, visit ESET Knowledgebase articles:

ESET NOD32 Antivirus / ESET HOME Security Essential / ESET HOME Security Premium

ESET Cyber Security for macOS / ESET Cyber Security Pro for macOS

ESET Endpoint Security / ESET Endpoint Antivirus for Windows

ESET Mobile Security for Android

Software wrappers

A software wrapper is a special type of application modification that is used by some file-hosting websites. It is a third-party tool that installs the program you intended to download but adds additional software, such as toolbars or adware. The additional software may also make changes to your web browser’s home page and search settings. Also, file-hosting websites often do not notify the software vendor or download recipient that modifications are made, and often hide options to opt out. For these reasons, ESET classifies software wrappers as a type of potentially unwanted application to allow users to accept the download or not.

Registry cleaners

Registry cleaners are programs that may suggest that the Windows registry database requires regular maintenance or cleaning. Using a registry cleaner might introduce some risks to your computer system. Additionally, some registry cleaners make unqualified, unverifiable, or otherwise unsupportable claims about their benefits or generate misleading reports about a computer system based on the results of a "free scan". These misleading claims and reports seek to persuade you to purchase a full version or subscription, usually without allowing you to evaluate the registry cleaner before payment. For these reasons, ESET classifies such programs as PUA and provides you the option to allow or to block them.

Potentially unwanted content

If PUA detection is enabled in your ESET product, websites that have a reputation for promoting PUAs or that have a reputation for misleading users into performing actions that might have negative implications on their system or browsing experience will be blocked as potentially unwanted content. You can receive a notification that a website you are attempting to visit is categorized as potentially unwanted content. Click Go Back to navigate away from the blocked web page or click Ignore and continue to allow the site to load.


Further information about this topic can be found in this ESET Knowledgebase article.