How Microsoft antimalware products identify potentially unwanted software

Identifying and analyzing potentially unwanted software is a complex challenge. New forms of potentially unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your computer.

We maintain a definition library of potentially unwanted software. This library has a database of potentially unwanted software files and settings. When our researchers identify new potentially unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your computer and personal information.

You can participate in our worldwide network by submitting potentially unwanted software for analysis. This network helps identify programs to add to our definition library.

New forms of potentially unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.

Consumer opinion

Microsoft has created a worldwide network where you can submit potentially unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.

If you believe you have been negatively affected by potentially unwanted software, download and install Microsoft antimalware software. If the potentially unwanted software persists, you can report the problem to Microsoft.

Evaluation criteria

Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:

  • Unwanted behavior: The software runs unwanted processes or programs on your computer, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, or makes misleading or inaccurate claims about the state of your computer.

  • Advertising: The software delivers out-of-context advertising that interferes with the quality of your computing experience, regardless of whether you consented to this behavior or not.

  • Privacy: The software collects, uses, or communicates your information without your explicit consent.

  • Consumer opinion: Microsoft considers input from individual users as a key factor in helping to identify new unwanted behaviors and programs that might interfere with the quality of your computing experience.

Unwanted behavior: lack of choice

You must be notified about what is happening on your computer, including what a program does and whether it is active.

Software that exhibits lack of choice may:

  • Fail to provide prominent notice about the behavior of the program and its purpose and intent

  • Fail to clearly indicate when the program is active, and may attempt to hide or disguise its presence

  • Install, reinstall, or remove software without your permission, interaction, or consent

  • Install other software without a clear indication of its relationship to the primary program

  • Falsely claim to be a program from Microsoft.

Unwanted behaviors: lack of control

You must be able to control programs on your computer. You must be able to start, stop, and otherwise revoke authorization to a program.

Software that exhibits lack of control may:

  • Open browser windows without authorization

  • Redirect or block searches, queries, user-entered URLs, or access to other sites without clear notification and consent

  • Modify or manipulate webpage content without your consent

Unwanted behaviors: installation and removal

You must be able to start, stop, and otherwise revoke authorization to a program. Programs should obtain your consent before installing, and the program must provide a clear and straightforward way for you to install, uninstall, or disable it.

Software that exhibits a poor installation experience may:

  • Bundle or download other potentially unwanted software classified in the Microsoft antimalware definition library

Software that exhibits a poor removal experience may:

  • Present confusing or misleading prompts or pop-ups when attempting to uninstall software

  • Fail to use standard install/uninstall features, such as Add/Remove Programs

Unwanted behaviors: computer performance

You must be able to expect that the actions a system maintenance or optimization program takes towards system performance are actually beneficial. You should be able to maintain the overall quality of your computing experience.

Software that impairs computer performance may:

  • Display exaggerated claims about the system's health

  • Make misleading or inaccurate claims about files, registry entries, or other items on the system

  • Decrease computer reliability


Advertising

Programs that promote a product or service outside of their own program can interfere with your computing experience. You should have clear choice and control when installing programs that open advertisements.

The advertisements that are opened by these programs must:

  • Include an obvious way to close the ad.

  • Include the name of the program that created the ad.

The program that creates these advertisements must:

  • Provide a standard uninstall method for the program using the same name as shown in the ads it produces.


Privacy

You want to maintain control over your information. You expect to determine how your information is collected, used, and shared with others.

Some types of programs can also have an impact on your privacy. These include, but are not limited to:

  • Monitoring programs: software that stores or transmits your activities without notice and consent, or offers a stealth option to hide this behavior.

Note: Monitoring programs are not necessarily malicious. For example, parental controls can feature keystroke monitors, but these programs can pose a risk to your privacy if you don't expect or know about their presence.