I have always discouraged the use of registry cleaners and now Windows Defender is detecting CCleaner as a Potentially Unwanted Application (PUA). From Bleeping Computer, "Microsoft now detects CCleaner as a Potentially Unwanted Application" (https://www.bleepingcomputer.com/news/microsoft/microsoft-now-detects-ccleaner-as-a-potentially-unwanted-application/):
Quote: In a new threat entry (http://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/CCleaner&ThreatID=277099) added today to the Microsoft Security Intelligence site, Microsoft is now classifying CCleaner as a PUA:Win32/CCleaner threat.
This page does not provide any information as to why Microsoft is now classifying CCleaner as a PUP/PUA, but Microsoft has stated that they do not support Registry cleaners and that they should not be used.
"Some products such as registry cleaning utilities suggest that the registry needs regular maintenance or cleaning. However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. Microsoft cannot guarantee that these problems can be solved without a reinstallation of the Operating System as the extent of the changes made by registry cleaning utilities varies from application to application," Microsoft states in a support bulletin (https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities) from 2018.
Deja vu?
https://www.landzdown.com/security-alerts-briefings/ccleaner-piriform-compromised/msg195427/#msg195427
I'm assuming it's still safe to use CCleaner if you never enable the registry options?
I mainly use it to clean temporary files and unwanted cookies. I like that I can keep cookies for sites I frequent. Is there a good alternate way to keep selected cookies other than CCleaner?
(That retro article made me glad I have a 64-bit system. Wowie.)
Is Windows going to start flagging existing installations? Or is the PUP notice just going to be part of new downloads?
This feels similar to what happened between Piriform and Microsoft in 2019, when the entire Piriform domain was put on the blacklist for a few days. The bundling of software (especially products that are deemed by someone to negatively impact the "user experience") generally falls under PUA or PUP detection. CCleaner installation has been found to offer to bundle CCleaner Browser and third-party software such as Google Chrome, Google Toolbar, Avast Free Antivirus and AVG Antivirus Free. I understand the rationale for the antivirus detection since it may disable Defender if the user opts into the installation accidentally (and doesn't want Defender replaced or disabled).
My question would be ... does Defender distinguish between standard, portable (zip, no installer) and slim (installer, no toolbar) downloads? In theory, at least, portable and slim shouldn't be detected as there are no bundles.
I should think CCleaner can be installed without any issues on Windows 10 (which has aggressive detection of PUA and PUP), but it will be marked as a PUA in the Protection History.
I haven't tried this (haven't been affected yet), but if memory serves, Defender can be allowed to trust CCleaner under Windows Security > Virus & threat protection > Threat history.
CCleaner has confirmed on Twitter that it's working with Microsoft to resolve this: https://twitter.com/CCleaner/status/1288439298082168832
Quote from: pastywhitegurl on July 30, 2020, 02:36:59 PM
I'm assuming it's still safe to use CCleaner if you never enable the registry options?
I mainly use it to clean temporary files and unwanted cookies. I like that I can keep cookies for sites I frequent. Is there a good alternate way to keep selected cookies other than CCleaner?
That's what I use it for FWIW. Some people use BleachBit instead, but I have no firsthand experience.
As an update, I installed CCleaner slim on a laptop today without a peep from Defender.
I've used CCleaner to fix botched Windows feature updates. Because who needs testers? I also go for the standalone file rather than the installer.
For what it's worth, ESET also detects the installer as a potentially unsafe application (Win32/CCleaner), so, about time Microsoft, and thanks for the reminder on why I run NOD32.
I guess the takeaway here is to always use the slim build version.
Is this version specific?
I don't run CCleaner very often, so it's been a while since I updated it.
This topic inspired me to run a Defender "Full Scan"
It didn't find any "threats".
CCleaner still appears to be functional, and so is the pop-up that nags me to update.
It's specific to the installer(s), not the product.
If you already have CCleaner set up correctly and blocked from accessing the internet, you can upgrade to a later version by downloading the zip/portable version and overwriting the .exe files in your folder. CCleaner.exe = x86, CCleaner64.exe = x64 CCleaner; you only need to overwrite the file that matches your Windows bitness.
A question came to mind while reading the topic, and I wasn't able to answer it when I went to the product's site:
How does CCleaner help a computer running Windows 10? What extra features does the product have that would help me as a Windows 10 user?
Quote from: Pete! on July 31, 2020, 01:59:46 PM
CCleaner still appears to be functional, and so is the pop-up that nags me to update.
I missed this - it's an indication that it has internet access, possibly spying but certainly checking you have the latest clean/verified version. Disabling 'net access will lead to some delay before CCleaner can be used.
Quote from: satrow on July 31, 2020, 02:39:45 PM
It's specific to the installer(s), not the product.......
When I was using ESET, it was constantly deleting the installation file, and leaving the program alone.
After the Defender scan, my "downloads" folder still has CCleaner installation files going back to shortly after my last ESET subscription expired. The most recent one is from March 2020 when I last updated.
Does the latest installer contain something more objectionable than previous versions?
Quote from: Pete! on July 31, 2020, 05:50:03 PM
Does the latest installer contain something more objectionable than previous versions?
No, just the same pre-filled checkbox to agree to installing another clean software from a related company.
Potentially Unwanted Program/Application.
I'd have more faith in the reporting software if they suggested unchecking the box in such wrappers.
Quote from: satrow on July 31, 2020, 03:03:21 PM
Quote from: Pete! on July 31, 2020, 01:59:46 PM
CCleaner still appears to be functional, and so is the pop-up that nags me to update.
I missed this - it's an indication that it has internet access, possibly spying but certainly checking you have the latest clean/verified version. Disabling 'net access will lead to some delay before CCleaner can be used.
It was "spying" ... Not only checking the version, but checking to see what I did about it.
When I opened the program it notified me that a new version was available.
After I closed the program without updating, the nag pop-up appeared. ;D
Quote from: winchester73 on July 30, 2020, 05:05:32 PM
Some people use BleachBit instead, but I have no firsthand experience.
What about PrivaZer? Has anyone tried it? I saw this writeup about it at MajorGeeks linked from Facebook today: Download PrivaZer (https://www.majorgeeks.com/files/details/privazer.html).