How to Remove Pua:win32/Presenoker on Windows 10 / 11

The job of the Windows Defender (built-in antivirus for Windows 10) is to block any potential threats on your computer. It blocks any suspicious app that exhibits malware like behavior even though it may not be malicious file in real. One such potential threat identified by Windows Defender is the win32/Presenoker  that it flags as PUA (Potentially Unwanted Application).


ADVERTISEMENT

What is PUA and What is PUA: Win32 / Presenoker?

PUA or Potentially Unwanted Application may not be a harmful app, but you should still be aware of it. Torrent clients are the kind of apps that Windows Defender flags as PUAs, for example, uTorrent. While Microsoft does not mention why the threat appears, but with the flag it warns the users that the torrent clients may be potentially harmful and other malware or trojan like programs may try to get access to your system. These potentially malicious apps are usually flagged as PUA: Win32 / Presenoker.

However, the downside is, these programs are not completely eliminated by the antivirus, but rather blocks them and these programs are then left behind in the “Detection History” folder. The Windows Defender security system keeps on scanning your PC and each time it identifies the uTorrent as the potential threat flagging it as PUA: Win32 / Presenoker.

 

Is it a Virus and Should You Allow or Block It?

PUA is not a virus and it’s rather a false positive. Mostly, the programs with no publisher are flagged as PUA. However, there is always a possibility that it’s a malware in the disguise and hence, it’s for you to decide if you want to remove it or include it to the exclusion list to continue installing the app. To make sure if the app is safe or not, which is usually a torrent client, verify if the download is from an official source and not from an unverified source.

Method 1: By Deleting the Services from the Windows Defender Folder

 

Step 1: Press the Win + E keys together on your keyboard to launch the File Explorer.

In the File Explorer window, navigate to the below location:

 

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service

 

Now, select all files and folders, and hit Delete.

 

File Explorer Navigate To Service Folder In Windows Defender Select All File Delete

 

Step 2: Once you are done deleting the files and folders, follow the below path to open the CacheManager folder:

 


ADVERTISEMENT

C:\ProgramData\Microsoft\Windows Defender\Scans\Scans\History\CacheManager

 

Check if any files and folders are there in this folder, it should be empty.

Now, close the File Explorer.

 

 

File Explorer Navigate To Cachemanager Folder In Windows Defender Should Be Empty

 

Step 3: Search Windows security in the search box and then click on windows security from the search result.

 

Windows Security 1 Min

 

Step 4: It opens the Windows Security home page.

Go to the right side of the window and click on Virus & threat protection.

 

Windows Security Home Right Side Virus & Threat Protection

 

Step 5: Next, on the right side of the window, check under the Current threats section.

It should show No current threats status.

 

Windows Security Virus & Threat Protection Current Threats No Current Threats

 

This means, you have successfully removed the PUA: Win32 / Presenoker. 

How to Identify If It’s  False Positive

 

Sometimes, Windows Defender can flag even a safe item as a potential threat and mark it as Win32/Presenoker. This is a false positive situation and in such a case, you should know that the app is safe. Let’s see how to identify if it’s a false positive.

 

Step 1: Search Windows security in the search box and then click on windows security from the search result.

 

Windows Security 1 Min

 

Step 2: Now, go to the right side of the window and under the Protection areas section, click on Virus & threat protection.

 

Windows Security Protection Areas Virus & Threat Protection

 

Step 5: It will open a new window.


ADVERTISEMENT


On the right side of the window, under the Current threats section,  navigate to the list of threats.

Step 6: Click on the See details under Win32/Presenoker option.

Step 7: Here, you can check which app is flagged as PUA: Win32/Presenoker.

If you can recognize the app then it’s safe, if not, then it’s certainly a harmful app.

 

Method 2: By Removing Win32/Presenoker Along with the App

 

Before you proceed to remove the Win32/Presenoker flag from your PC, you should also remove the app that’s been flagged, or the Windows Defender will keep pulling it up as the possible threat. Here’s how:

 

Step 1: Go to the Start menu and type Windows Security in the Windows search bar.

 

Start Windows Search Bar Windows Security


ADVERTISEMENT

 

Step 2: Click on the result to open the Windows Security settings window.

Go to the right side of the window and select Virus & threat protection.

 

Windows Security Home Right Side Virus & Threat Protection

 

Step 3: On the right side of the window, under the Current threats section, you should see a list of flagged apps.

Step 4: Now, next to the Win32/Presenoker flag, click to expand Low.

Press the Yes button in the prompt to allow admin rights.

Step 5: Next, under the Action options, select Remove.

Step 6: Now, press the Start actions button.

Wait till the Windows Defender app removes the possible threat.

Step 7: Repeat the steps for the other apps that are flagged as Win32/Presenoker.

 

This will remove the threat along with the app from the Windows Defender app.

ADVERTISEMENT

1 thought on “How to Remove Pua:win32/Presenoker on Windows 10 / 11”

  1. Hi Madhuparna,

    When I received the Defender Alert notification for PUA:Win32/Presenoker, there wasn’t an accompanying app listed under the current threats. Does this mean the PUA was a false positive?

    Windows 10 Quarantined this file. Should I remove it?

    Under “Protection history” I see App quarantined listed twice, without an App name.

    I don’t recall seeing any affected items listed under the file section.

    Is there an way to access more details about this file now that it has been quarantined?

    Thanks!

Comments are closed.