Author Topic: Windows Defender Detects CCleaner as Potentially Unwanted Application (PUA)  (Read 2942 times)

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 20165
  • "Stronger than the past, united in our goal."
I have always discouraged the use of registry cleaners and now Windows Defender is detecting CCleaner as a Potentially Unwanted Application (PUA).  From Bleeping Computer, "Microsoft now detects CCleaner as a Potentially Unwanted Application":

Quote
In a new threat entry added today to the Microsoft Security Intelligence site, Microsoft is now classifying CCleaner as a PUA:Win32/CCleaner threat.

This page does not provide any information as to why Microsoft is now classifying CCleaner as a PUP/PUA, but Microsoft has stated that they do not support Registry cleaners and that they should not be used.

"Some products such as registry cleaning utilities suggest that the registry needs regular maintenance or cleaning.  However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. Microsoft cannot guarantee that these problems can be solved without a reinstallation of the Operating System as the extent of the changes made by registry cleaning utilities varies from application to application," Microsoft states in a support bulletin from 2018.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.


Offline pastywhitegurl

  • Hero Member
  • Posts: 1108
  • advanced techno feeb
I'm assuming it's still safe to use CCleaner if you never enable the registry options?

I mainly use it to clean temporary files and unwanted cookies.  I like that I can keep cookies for sites I frequent.  Is there a good alternate way to keep selected cookies other than CCleaner?

(That retro article made me glad I have a 64-bit system. Wowie.)

Is Windows going to start flagging existing installations?  Or is the PUP notice just going to be part of new downloads?

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • Posts: 7329
  • Liverpool FC - YNWA
This feels similar to what happened between Piriform and Microsoft in 2019, when the entire Piriform domain was put on the blacklist for a few days.  The bundling of software (especially products that are deemed by someone to negatively impact the “user experience”) generally falls under PUA or PUP detection.  CCleaner installation has been found to offer to bundle CCleaner Browser and third party software such as Google Chrome, Google Toolbar, Avast Free Antivirus and AVG Antivirus Free.  I understand the rationale for the antivirus detection since it may disable Defender if the user opts into the installation accidentally (and doesn't want Defender replaced or disabled).

My question would be ... does Defender distinguish between standard, portable (zip, no installer) and slim (installer, no toolbar) downloads?  In theory, at least, portable and slim shouldn't be detected as there are no bundles.

I should think CCleaner can be installed without any issues on Windows 10 (which has aggressive detection of PUA and PUP), but it will be marked as a PUA in the Protection History.

I haven't tried this (haven't been affected yet), but if memory serves, Defender can be allowed to trust CCleaner under Windows Security > Virus & threat protection > Threat history.

CCleaner has confirmed on Twitter that it’s working with Microsoft to resolve this:  https://twitter.com/CCleaner/status/1288439298082168832
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • Posts: 7329
  • Liverpool FC - YNWA
Quote
I'm assuming it's still safe to use CCleaner if you never enable the registry options?

I mainly use it to clean temporary files and unwanted cookies.  I like that I can keep cookies for sites I frequent.  Is there a good alternate way to keep selected cookies other than CCleaner?


That's what I use it for FWIW.  Some people use Bleachbit instead, but I have no firsthand experience.

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • Posts: 7329
  • Liverpool FC - YNWA
As an update, I installed CCleaner slim on a laptop today without a peep from Defender.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • Posts: 1448
  • Schrödinger's cat walks into a bar... and doesn't.
I've used CCleaner to fix botched Windows feature updates. Because who needs testers? I also go for the standalone file rather than the installer.

For what it's worth, ESET also detects the installer as a potentially unsafe application (Win32/CCleaner), so, about time Microsoft, and thanks for the reminder on why I run NOD32.

Offline pastywhitegurl

  • Hero Member
  • Posts: 1108
  • advanced techno feeb
I guess the takeaway here is to always use the slim build version.

Offline Pete!

  • Hero Member
  • Posts: 5249
Is this version specific?

I don't run CCleaner very often, so it's been a while since I updated it.
This topic inspired me to run a Defender "Full Scan".
It didn't find any "threats".
CCleaner still appears to be functional, and so is the pop-up that nags me to update.
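
An added example, not part of any post in this thread: a PowerShell check of whether Defender's PUA protection is switched on and whether Defender has recorded any PUA detection on this machine, such as the PUA:Win32/CCleaner name quoted in the first post. It uses the built-in Defender cmdlets Get-MpPreference, Get-MpThreat and Get-MpThreatDetection; the output column names (Threat, Detected, Files) are chosen here for illustration.

```powershell
# PUAProtection setting: 0 = disabled, 1 = enabled (block), 2 = audit mode
$pua  = (Get-MpPreference).PUAProtection
$mode = switch ($pua) {
    0       { 'Disabled' }
    1       { 'Enabled (block)' }
    2       { 'Audit mode (log only)' }
    default { "Unknown value: $pua" }
}
"PUA protection: $mode"

# Threats Defender has recorded on this machine whose name carries the PUA: prefix
# (for example the PUA:Win32/CCleaner name mentioned in the thread).
$puaThreats = @(Get-MpThreat | Where-Object { $_.ThreatName -like 'PUA:*' })

if ($puaThreats.Count -eq 0) {
    'No PUA detections recorded by Defender on this machine.'
} else {
    # Join each detection event to its threat name and show the files involved,
    # so an installer in Downloads can be told apart from an installed program.
    Get-MpThreatDetection |
        Where-Object { $puaThreats.ThreatID -contains $_.ThreatID } |
        ForEach-Object {
            $d = $_
            [pscustomobject]@{
                Threat   = ($puaThreats | Where-Object { $_.ThreatID -eq $d.ThreatID }).ThreatName
                Detected = $d.InitialDetectionTime
                Files    = ($d.Resources -join '; ')
            }
        } |
        Sort-Object Detected |
        Format-List
}
```

If the first line reports Disabled, a clean full scan says nothing about PUA classification, because Defender is not applying PUA detections at all.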

Offline satrow

  • LzD Friends
  • Full Member
  • Posts: 246
It's specific to the installer(s), not the product.

If you already have CCleaner set up correctly and blocked from accessing the internet, you can upgrade to a later version by downloading the zip/portable version and overwriting the .exe files in your folder. CCleaner.exe = x86 CCleaner, CCleaner64.exe = x64 CCleaner; you only need to overwrite the file that matches your Windows bitness.

Offline DR M

  • LzD Friends
  • Hero Member
  • Posts: 1773
  • Keep on keeping on.
A question formed in my mind while reading the topic, and I wasn't able to answer it when I went to the product's site:

How does CCleaner help a computer running Windows 10? What extra features does the product have that would help me as a Windows 10 user?

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Offline satrow

  • LzD Friends
  • Full Member
  • Posts: 246
Quote
CCleaner still appears to be functional, and so is the pop-up that nags me to update.

I missed this - it's an indication that it has internet access, possibly spying but certainly checking you have the latest clean/verified version. Disabling 'net access will lead to some delay before CCleaner can be used.

Offline Pete!

  • Hero Member
  • Posts: 5249
Quote
It's specific to the installer(s), not the product.......

When I was using ESET, it was constantly deleting the installation file, and leaving the program alone.

After the Defender scan, my "downloads" folder still has CCleaner installation files going back to shortly after my last ESET subscription expired. The most recent one is from March 2020 when I last updated.

Does the latest installer contain something more objectionable than previous versions?


Offline satrow

  • LzD Friends
  • Full Member
  • Posts: 246
Quote
Does the latest installer contain something more objectionable than previous versions?

No, just the same pre-filled checkbox to agree to installing another clean software from a related company.

Potentially Unwanted Program/Application.

I'd have more faith in the reporting software if they suggested unchecking the box in such wrappers.

Offline Pete!

  • Hero Member
  • Posts: 5249
Quote
Quote
CCleaner still appears to be functional, and so is the pop-up that nags me to update.

I missed this - it's an indication that it has internet access, possibly spying but certainly checking you have the latest clean/verified version. Disabling 'net access will lead to some delay before CCleaner can be used.

It was "spying" ... Not only checking the version, but checking to see what I did about it.

When I opened the program it notified me that a new version was available.
After I closed the program without updating, the nag pop-up appeared.  ;D