Potentially Unwanted Programs (PUP) Criteria

The following policy describes what Reason Core Security may consider to be PUPs, or potentially unwanted programs, including adware. The list below describes unwanted or bad behaviors that an application might exhibit which could be used to classify it as a PUP. While some PUPs exhibit multiple criteria defined below, other may contain just one behavior that might classify it.

General Criteria
  • The software installation process should be straightforward, easy-to-understand, and based on clear choices made by the user. It should present a value proposition to the user, behave as expected and avoid misrepresentation.
  • It should be easy for users to disable or uninstall software.
  • After installation, the program should not download or install additional software, or make system settings changes, beyond what was offered during the initial installation, unless it is doing so at the explicit, informed direction of the user.
  • Software that collects or transmits a user’s personal information must be transparent about doing so.
Advertising Criteria

Excessive or obtrusive advertising - A program contains 'excessive' or obtrusive ads that blocks normal content that is not associated with the installing program in a non-standard location. If the ad hides content on a web page and/or the pop-up ad contains a close option that is too close to the ad itself and might inadvertently be clicked on by the end user.

Malvertising ads - The program syndicates or directly displays any ads for other programs that are deemed malicious or rightfully detected by any anti-virus software.

Pop-ups and Pop-unders - The program displays any popups through the web browser or external to the browser in another browser window that is either triggered by the program or through injected code in the browser.

Ad insertion - The program injects advertisements in web pages that do not directly belong to the program or are under explicit control of the program. This could include injecting banner ads in the top or bottom of a web browser page or injecting context text-link ads (ads that underline various words in the HTML of the page and provide a rollover advertisement).

Ad overlays - The program inject or overlay an ad on top of a legitimate existing advertisement on a web page.

Ad replacement - The program replaces the legitimate native advertisement of a web page that is not in explicit control of the program publisher with a new ads.

Ads without attribution - An ad is included in a web page that is generated from the program's web browser extension, add-in or background process and does not contain clear attribution as to the ad's provider or host.

Page-click redirections - The program monitors web page clicks and redirects or opens a new browser window to display some form of advertisement.

Competitive redirection - The program in any way modifies the expect link or modifies the redirection or a hyperlink to a competitor web site instead of the desired page a user expected.

Proxy trapping - The programs installs a proxy server that is used by the browser and modifies in any way the normally expected rendered web page. This includes injecting ads or search results, etc.

Adds desktop shortcuts to unrelated products - The program ads shortcuts on the users desktop to unrelated or partner programs that were not installed or are just advertisements.

Control Criteria

Prevention - The programs manipulates the user's ability to control the standard features of the operating system. This includes limiting a user from being able to modify their browser extensions or add-ons to adding a policy to prevent various applications from running. It also includes, but is not limited to the following control behaviors:

  • Group policy or App Locker policy to prevent a file, directory or publisher to execute. Please note, there are exceptions for various security products.
  • Disabling the use of browser extension manager or other web browser related security features. This also includes manipulation of the web browser's policies through non-standard APIs.
  • Removing control of the Internet settings proxy server which includes preventing the user from making modifications or removing a proxy setting.
  • If the program limits a user’s ability to choose their default search provider or other browser asset. This could be through additional questioning when a user tries to change their default search provider or through OS manipulation. Programs should also not limit the user’s ability to change their default home page by adding additional questioning for the user.

Browser Criteria

Bypassing built in consent - The program blocks or bypasses a browser’s built-in consent-to-enable feature. This includes consent to download or install an add-on or extension. Programs can not bypass or try to suppress any other of the browser's built in protection dialogs.

Toolbars with little or no value - The program is a toolbar or web browser extension/add-on (depending on the browser) and brings little to no value other than pushing advertisements or modifying the browser's search, home or tab pages. This also includes extensions that are installed across all browsers and offer low value to the user except for advertising.

Modifying search results - The search results are altered in any way by the application, regardless of the how the program is technically implemented. This includes any results from non-operated search portals that have results modified in any way.

Inserting search results - The program inserts additional search results in a search portal. This could also include modifying the legitimate ads on a search portals ad section with new advertisements.

Content injection - The browser extension modifies a web page in any way that is not expected from the end user (regardless of they agreed with it in the EULA/Terms of Service). This could include adding additional content or removing content from a web page not operated by the program.

Home page hijacking - The home page of the user's web browser is modified, this includes the default browser as well as all browsers without ample user consent.

Search hijacking - The search page or search provider of the user's web browser is modified, this includes the default browser as well as all browsers without ample user consent.

Asset protection - The browser's assets (search, home page, etc.) are protected and prevented from the user or another program making a modification to it. Any program using code that can potentially perform asset protection may be detected, regardless of whether the code is active.

Bookmark insertion - The program adds an unsolicited bookmarks to the user's web browsers.

Browser extensions that are hidden - The browser extension or add-on is not easily visible in the browser's default add-on manager and cannot therefore be managed or uninstalled by the browser. This also includes extensions that are protected or greyed-out in the browser manager.

Browser extensions with misleading names - The browser extension is not clearly named or easily identifiable by the end user, or is misnamed to confuse the user.

Bundling Criteria

Bundles by a 3rd-party program - The software is bundled by another program such as a download manager and is included with another potentially unwanted program within the bundle.

Bundles 3rd-party programs - The program's installer bundles additional software including any identified as unwanted. This includes bundling any form of PUP, adware or malicious program regardless if the program includes the EULA or Terms of Service.

  • As part of the install flow, any bundled software must be clearly disclosed. No software should be installed silently without the user’s permission.
  • At the time of installation, all principal and significant functions of the software should be described in clear and straightforward language that is clearly visible and easy to read on the screen.
  • The user must have a meaningful opportunity to review and approve all principal and significant proposed installation options and system changes. For example, at the time of installation, the software might list each of the proposed settings changes, and note that the program collects the user’s personal data, with links to learn more about each of the changes.
  • If any program includes any third-party software, the author is responsible for obtaining proper bundling authorization from the third party.
  • The software and download page must contain a link to an End User License Agreement (EULA) or Terms of Service (TOS).
Additional Criteria

Creating excessive desktop shortcuts - The program adds excessive shortcuts on the desktop.

Programs that do not have a standard uninstall procedure - The program does not includes a standard uninstall procedure listed in Windows Add/Remove programs. This also includes programs that require an additional uninstaller to be downloaded.

Programs that do not have an uninstall procedure - The program has no form of uninstall procedure or the uninstall procedure does not work or the program uses any features that prevents it from being easily removed.

Non-standard install locations - The program does not install itself in a standard location in Windows such as the Programs Folder. This include programs installing components into temporary or system directories.

Self protection - The program contains any process or background procedure including startup execution points designed to prevent the process from being removed or stopped or contains any mechanism designed to make uninstallation or removal more difficult by reinstalling the main application if it is removed. This also includes programs that attempt in any way to prevent anti-virus programs from removing it if it was detected by the program and removal was initiated by the end user.

Optimizers, Cleaners, Updaters, Tech Support Criteria

False errors - The program scans and finds excessive false errors designed to entice a user to purchase a subscription. This behavior may qualify for a PUP classification.

Unscrupulous tech support - The program pushes the user in various unethical manners to call a 'support' number with the intention of misleading the user to purchase a support package.

Deceptive behaviors - Before and during the install process, the software must not engage in deceptive behaviors. The software cannot make false or misleading claims about the state of the user's computer. For example, misleading claims related to system performance, system optimization, a new version of a plugin, etc. The software cannot claim or imply to be official software from a company or a partner of the company if that is not the case.

PUP Reconsideration Request

Do you feel your software is falsely being classified as a PUP and would like it removed?
If you want to submit your application for reconsideration, please email [email protected]