PUA:WIN32/PRESENOKER is a detection name used by anti-virus programs Windows Defender. This detection name means your local Windows Defender anti-virus program has detected a potentially unwanted application (PUA) on your computer. These are generally not serious infections but due to their somewhat questionable bahaviour they are not recommended to be kept installed.


Recently, Windows Defender has started identifying PUAs as threats and deletes them. However, users have noticed that even after they remove PUA:WIN32/PRESENOKER with Windows Defender, it’s detected again during a scam. This happens multiple times, and it may be because even after Defender removes PUA:WIN32/PRESENOKER, it stays in Protection History. Essentially, the PUA is blocked from doing anything but still remains in Protection History. This seems to be an issue on Microsoft’s part and while you can solve the issue for a particular PUA that is being detected, you’ll need to wait for Microsoft to permanently fix this.

However, before you do anything else, you should scan your computer with a different, equally reliable anti-virus program to see if anything comes up. Windows Defender may be detecting something that is an actual issue but is unable to deal with it for some reason. Thus, a scan with another anti-virus software would help determine what’s going on.

You may not even realize that a PUA has been installed on your computer

Potentially unwanted programs often install via freeware bundles, meaning they come attached to free software as extra offers. When users install free programs, it’s very important that they check whether something has been added to the program. It there is something, it needs to be deselected. Many users are unable to deselect the offers simply because they do not notice that they’re attached. It’s very important to deselect the offers because they’re mostly junk that will only take up space on a computer. If users allow these unwanted installations to install all the time, their computers will be full of junk that is difficult to get rid of once installed.

In order to view whether something has been added to a program, users need to opt for Advanced (Custom) settings during freeware installation. Those settings will not only make the offers visible but also allow users to deselect everything. All users need to do is uncheck the boxes of the offers, and then continue the installation. Evidently, software bundling is a rather sneaky method, and programs that use it are usually classified as PUAs, which users should consider deleting.

Some PUAs are installed by users knowingly. They can be disguised as useful programs, or some may be falsely detected as PUAs by anti-virus programs. To avoid installing potentially unwanted programs, you should always research them before installing a program.


PUA:WIN32/PRESENOKER is a detection name used by Windows Defender, and the anti-virus program may repeatedly show you notifications about this PUA being detected. As we mentioned above, this may be an issue with how Windows Defender handles PUAs. It appears that instead of deleting them fully, Windows Defender leaves PUAs in Protection History. When it performs a scan, it also scans the history folder where the PUA is located, hence why it’s always detecting PUA:WIN32/PRESENOKER. According to GlenProuty from the Microsoft forum, you can deal with the repeating detection alert by deleting the item from Protection History so that Windows Defender no longer detects it. You can do that by going to C:\Program Data\Microsoft\Windows Defender\Scans\History\Service. If you delete “Detection History” in the Service folder, you should no longer get the alert. But keep in mind that this is a solution to this particular PUA detection. When your computer has another one, you’ll have to do the same thing again. Essentially, this will go on until Microsoft fixes how it deals with PUAs.

Just as a precaution, it’s a good idea to scan the computer with another anti-virus program. If you scan with a reputable anti-virus program and nothing comes up, it’s probably an issue with Windows Defender. However, in case this isn’t an erroneous detection by Defender, the other anti-virus program may detect and delete PUA:WIN32/PRESENOKER.


You can find more information about WiperSoft on its official website, and find its uninstallation instructions here. Before installing, please familiarize yourself with WiperSoft EULA and Privacy Policy. WiperSoft will detect malware for free and gives Free trail to remove it.

  • WiperSoft

    WiperSoft is an anti-virus program with real-time threat detection and malware removal features. It detects all types of computer threats, from adware and browser hijackers to trojans, and easily removes them.

  • Combo Cleaner

    ComboCleaner is an anti-virus and system optimization program for Mac computers. The program will keep your Mac secure from different types of malware, as well as clean it to keep it running smoothly.

  • MalwareBytes

    Malwarebytes is a powerful anti-virus program that detects and removes all types of malware, as well as less serious threats like adware and browser hijackers. It has both free and paid versions.


You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *