The Reason Microsoft Defender Considers CCleaner A 'Potentially Unwanted Application'

Windows 10 UAC - CCleaner installation

Popular and legitimate apps from well-known developers are famous and widely used for a variety of reasons.

But sometimes, even famous apps with high user trust and credibility can be judged to be doing things Microsoft thinks they shouldn't do. CCleaner is one such example.

The popular PC optimization app has been flagged as a ‘potentially unwanted software’ by Windows 10's Microsoft Defender (formerly Windows Defender).

Potentially unwanted software, more commonly referred to as potentially unwanted apps (or PUAs), are apps that aren't seen as malicious, but are seen as capable of exhibiting unwanted behaviors of one kind or another.

Considered "grayware" apps, PUAs can impact users' security and privacy in the future, or contribute to increased use of computing resources.

In this case, the CCleaner tool from Piriform comes bundled with extra bits and features, and is also capable of stealthily installing some extras without users' consent.

From Microsoft's perspective, this kind of software may not harm users' PCs in any way, but could prove an annoyance.

This is why the built-in protection system Microsoft Defender flags certain installers for the free and 14-day trial versions of CCleaner as PUAs.

In its announcement, Microsoft said:

"Certain installers for free and 14-day trial versions of CCleaner come with bundled applications, including applications that are not required by CCleaner or produced by the same publisher Piriform. While the bundled applications themselves are legitimate, bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact user experiences. To protect Windows users, Microsoft Defender Antivirus detects CCleaner installers that exhibit this behavior as potentially unwanted applications (PUA)."

The bundled extras that come with CCleaner include: Google Chrome browser, Google Toolbar, and Avast Free Antivirus plus AVG Antivirus Free (Piriform is owned by Avast, which also owns AVG).

Microsoft further stressed that those bundled apps are perfectly fine and not in any way created, developed and distributed to be malicious. But it's the way they are offered for installation which is problematic.

The company observes that while the CCleaner installation process does provide users a way to opt out of putting these extras on their PCs, the judgment is that "some users can easily inadvertently install these bundled applications."

What's more, the software that comes bundled with the CCleaner installation can interfere with Microsoft's own solutions.

As an example, Microsoft pointed out that it is possible for Avast Free Antivirus to be downloaded and installed in the background, and that the software can result in Microsoft Defender being disabled. This is certainly something that Microsoft is trying to avoid and is obviously not happy about.

CCleaner trying to install Avast Free Antivirus during the app's installation process. (Credit: Microsoft)

According to Microsoft, users need to exercise caution when installing software like CCleaner to avoid unwanted applications that might be bundled with the installer.

Piriform, the developer of CCleaner, said that the issue has been resolved.

"We are in the process of engaging with Microsoft to understand why CCleaner was recently detected as PUA. We surmise the issue appears to be around bundling, and we believe we have addressed this so that our product is now no longer flagged," said a CCleaner spokesperson.

This incident isn't the first time that Piriform's CCleaner has run into trouble with Microsoft.

Previously, back in 2017, malware was discovered in CCleaner. According to Kaspersky Labs at the time, the malware consisted of two trojans: Trojan.Floxif and Trojan.Nyetya.

These trojans were inserted into the free versions of CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. In order to plant the tampered CCleaner on CCleaner's servers, it's believed that the hackers compromised CCleaner's build environment.

CCleaner was also once blocked from being mentioned in the Microsoft Community forums.

Published: 04/08/2020