Listed as “PUA: Win32/CCleaner”, Microsoft has finally decided to explain why it is listing the tool as a PUA: “Bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact the user experiences. To protect Windows users, Microsoft Defender Antivirus detects CCleaner installers that exhibit this behavior as potentially unwanted applications (PUA)”. Microsoft has never really liked registry cleaning tools. Developed by Avast, CCleaner itself is not a nefarious service, although the registry cleaner has been compromised by malware attacks in the past.
Handling PUAs on Windows
It is worth noting, the P in PUA is important. It means an app is potentially unwanted but not necessarily dangerous or bad for the user. When Windows 10 version 2004 arrive in May, Microsoft added protection against PUAs to Windows Defender (now Microsoft Defender). PUAs are apps that have been uninstalled on a machine without the knowledge or consent of the user. An example of a potentially unwanted app is an application that has been bundled in with a program you may want to download. And this is where Microsoft’s stance on CCleaner rests. Avast often bundles the tool in with its other security tools. Specifically, CCleaner bundled with Avast antivirus could circumvent Microsoft Defender. If a vulnerability occurs on the tool, Defender will not detect it. If Microsoft is cautious of CCleaner, the company is outright dismissive of some other Avast tools. For example, Windows 10 still allows users to install CCleaner, even if its listed as a PUA. However, Avast tools like Recuva, Speccy, and Defraggler are locked from use.