The job of the Windows Defender (built-in antivirus for Windows 10) is to block any potential threats on your computer. It blocks any suspicious app that exhibits malware like behavior even though it may not be malicious file in real. One such potential threat identified by Windows Defender is the win32/Presenoker that it flags as PUA (Potentially Unwanted Application).
What is PUA and What is PUA: Win32 / Presenoker?
PUA or Potentially Unwanted Application may not be a harmful app, but you should still be aware of it. Torrent clients are the kind of apps that Windows Defender flags as PUAs, for example, uTorrent. While Microsoft does not mention why the threat appears, but with the flag it warns the users that the torrent clients may be potentially harmful and other malware or trojan like programs may try to get access to your system. These potentially malicious apps are usually flagged as PUA: Win32 / Presenoker.
However, the downside is, these programs are not completely eliminated by the antivirus, but rather blocks them and these programs are then left behind in the “Detection History” folder. The Windows Defender security system keeps on scanning your PC and each time it identifies the uTorrent as the potential threat flagging it as PUA: Win32 / Presenoker.
Is it a Virus and Should You Allow or Block It?
PUA is not a virus and it’s rather a false positive. Mostly, the programs with no publisher are flagged as PUA. However, there is always a possibility that it’s a malware in the disguise and hence, it’s for you to decide if you want to remove it or include it to the exclusion list to continue installing the app. To make sure if the app is safe or not, which is usually a torrent client, verify if the download is from an official source and not from an unverified source.
Method 1: By Deleting the Services from the Windows Defender Folder
Step 1: Press the Win + E keys together on your keyboard to launch the File Explorer.
In the File Explorer window, navigate to the below location:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
Now, select all files and folders, and hit Delete.
Step 2: Once you are done deleting the files and folders, follow the below path to open the CacheManager folder:
C:\ProgramData\Microsoft\Windows Defender\Scans\Scans\History\CacheManager
Check if any files and folders are there in this folder, it should be empty.
Now, close the File Explorer.
Step 3: Search Windows security in the search box and then click on windows security from the search result.
Step 4: It opens the Windows Security home page.
Go to the right side of the window and click on Virus & threat protection.
Step 5: Next, on the right side of the window, check under the Current threats section.
It should show No current threats status.
This means, you have successfully removed the PUA: Win32 / Presenoker.
How to Identify If It’s False Positive
Sometimes, Windows Defender can flag even a safe item as a potential threat and mark it as Win32/Presenoker. This is a false positive situation and in such a case, you should know that the app is safe. Let’s see how to identify if it’s a false positive.
Step 1: Search Windows security in the search box and then click on windows security from the search result.
Step 2: Now, go to the right side of the window and under the Protection areas section, click on Virus & threat protection.
Step 5: It will open a new window.
On the right side of the window, under the Current threats section, navigate to the list of threats.
Step 6: Click on the See details under Win32/Presenoker option.
Step 7: Here, you can check which app is flagged as PUA: Win32/Presenoker.
If you can recognize the app then it’s safe, if not, then it’s certainly a harmful app.
Method 2: By Removing Win32/Presenoker Along with the App
Before you proceed to remove the Win32/Presenoker flag from your PC, you should also remove the app that’s been flagged, or the Windows Defender will keep pulling it up as the possible threat. Here’s how:
Step 1: Go to the Start menu and type Windows Security in the Windows search bar.
Step 2: Click on the result to open the Windows Security settings window.
Go to the right side of the window and select Virus & threat protection.
Step 3: On the right side of the window, under the Current threats section, you should see a list of flagged apps.
Step 4: Now, next to the Win32/Presenoker flag, click to expand Low.
Press the Yes button in the prompt to allow admin rights.
Step 5: Next, under the Action options, select Remove.
Step 6: Now, press the Start actions button.
Wait till the Windows Defender app removes the possible threat.
Step 7: Repeat the steps for the other apps that are flagged as Win32/Presenoker.
This will remove the threat along with the app from the Windows Defender app.