Microsoft is adding a new opt-in defense for enterprises to block adware, which is often sneakily wrapped into free downloads.
Adware is often classified as a potentially unwanted application, or PUA, an industry term for applications that aren't necessarily malware but could be a security or performance risk.
"These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications," according to a Microsoft blog post.
The feature, which will be in the company's System Center Endpoint Protection and Forefront Endpoint Protection products, is opt-in, meaning administrators will have to turn it on. PUAs will be blocked and quarantined under the default setup.
The best policy for enterprises is to also warn their users about not downloading PUAs in the first place, Microsoft said.
PUAs have been a contentious category of applications. At times, some antivirus programs have aggressively removed some of them, only to face complaints from developers contending that they're not malicious.
It can be a tough position for security companies given how advertising can be a delivery mechanism for malware.
"Since the stakes are higher in an enterprise environment, the potential disaster that PUA brings can be a cause of concern," according to Microsoft.