
Specification: PUA Allowlisting with User Warnings#6293

Draft
denelon wants to merge 2 commits into
microsoft:masterfrom
denelon:spec/pua-allowlisting

Conversation


@denelon denelon commented Jun 17, 2026


📖 Description

Specification for a tiered PUA classification system enabling legitimate software (RustDesk, Malwarebytes, etc.) to be published to winget-pkgs with governed allowlisting, client-side warnings, and Group Policy controls. Includes manifest schema extension, validation pipeline changes, and enterprise policy management.

Changes addressing review feedback (June 22):

  • Removed version-specific numbers from headings and schema version reference
  • Rewrote allowlist governance to use the existing waiver system (human validation by Microsoft maintainer via PR label, not a policy bot config or community-maintained YAML file)
  • Fixed --silent behavior: only affects installer switches, does not suppress PUA warnings
  • Added --ignore-warnings support for suppressing PUA warning output
  • Replaced --include-security with existing --details flag for PUA info in show/search/list
  • Clarified PUA categories are derived from various AV vendors (Defender, ESET, K7, Malwarebytes, etc.), not a single source
  • Documented waiver flow: validation pipeline applies label → Microsoft maintainer reviews → waiver granted internally

Authored with GitHub Copilot assistance.

🔗 References

Related Issues:

🔍 Validation

Spec document — no code changes to validate.

✅ Checklist

📋 Issue Type

  • Bug fix
  • Feature
  • Task
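The description above sets out how the client is meant to treat a classified package: tiers decide whether an install is rejected, gated on consent, or merely accompanied by a warning; `--silent` only selects installer switches and must not hide the warning; `--ignore-warnings` suppresses warning output; Group Policy can block tiers for an organization; and `--details` surfaces the classification in `show`/`search`/`list`. The following Python model is an added example written for this page, not winget-cli code or anything from the spec. The tier names are the spec's; the field names `Tier` and `Categories`, the category vocabulary, the `policy_blocked_tiers` knob standing in for a Group Policy setting, and the choice that `--ignore-warnings` also counts as consent for the Restricted tier are all assumptions made here.

```python
from dataclasses import dataclass

# Tier names come from the spec's classification table. The field names
# "Tier" and "Categories", the category vocabulary, and the Group Policy
# knob below are assumptions for this example, not the project's schema.
TIERS = ("Allowed", "Restricted", "Blocked")
KNOWN_CATEGORIES = {"RemoteAccess", "Bundleware", "Keylogger", "SystemAccess"}


@dataclass(frozen=True)
class Decision:
    proceed: bool        # may the install continue?
    needs_consent: bool  # Restricted tier: user must acknowledge first
    message: str         # warning or rejection text ("" when nothing is shown)


def validate_classification(block: dict) -> list:
    """Schema checks a validation pipeline could run; an empty list means valid."""
    problems = []
    tier = block.get("Tier")
    if tier not in TIERS:
        problems.append(f"Tier must be one of {TIERS}, got {tier!r}")
    cats = block.get("Categories")
    if not isinstance(cats, list) or not cats or not all(isinstance(c, str) for c in cats):
        problems.append("Categories is required and must be a non-empty list of strings")
    else:
        problems.extend(f"unknown category {c!r}" for c in cats if c not in KNOWN_CATEGORIES)
    return problems


def details_line(block: dict) -> str:
    """One line a `--details` style view could print for show/search/list."""
    return f"PUA classification: {block['Tier']} [{', '.join(block['Categories'])}]"


def decide(block: dict, *, silent: bool = False, ignore_warnings: bool = False,
           policy_blocked_tiers=frozenset()) -> Decision:
    """Client-side outcome for installing a package that carries PuaClassification.

    `silent` is accepted but deliberately never consulted: per the spec it only
    selects the installer's silent switches. `ignore_warnings` suppresses warning
    output and (assumption) counts as explicit consent for Restricted, but can
    never override the Blocked tier or an enterprise policy block.
    `policy_blocked_tiers` stands in for a Group Policy setting (assumed name).
    """
    problems = validate_classification(block)
    if problems:
        return Decision(False, False, "invalid PuaClassification: " + "; ".join(problems))
    tier, cats = block["Tier"], ", ".join(block["Categories"])
    if tier == "Blocked":
        return Decision(False, False, f"Installation rejected: package is classified Blocked ({cats}).")
    if tier in policy_blocked_tiers:
        return Decision(False, False, f"Installation blocked by organization policy: tier {tier} ({cats}).")
    if tier == "Restricted":
        if ignore_warnings:
            return Decision(True, False, "")
        return Decision(True, True, f"WARNING: elevated-risk software ({cats}). Continue only if you trust this publisher.")
    # Allowed: informational warning, no consent gate
    return Decision(True, False, "" if ignore_warnings else f"Note: potentially unwanted categories detected ({cats}).")


# Constructed sample manifests (what the YAML block would parse into); not real packages.
RUSTDESK_LIKE = {"Tier": "Allowed", "Categories": ["RemoteAccess"]}
RESTRICTED_TOOL = {"Tier": "Restricted", "Categories": ["SystemAccess", "Keylogger"]}
BLOCKED_TOOL = {"Tier": "Blocked", "Categories": ["Bundleware"]}

if __name__ == "__main__":
    print(details_line(RUSTDESK_LIKE))
    print(decide(RUSTDESK_LIKE))
    print(decide(RESTRICTED_TOOL, silent=True))                     # --silent changes nothing
    print(decide(RESTRICTED_TOOL, ignore_warnings=True))            # consent via explicit flag
    print(decide(BLOCKED_TOOL, ignore_warnings=True))               # still rejected
    print(decide(RUSTDESK_LIKE, policy_blocked_tiers={"Allowed"}))  # policy wins over the flag
```

The point the model makes concrete is that the two flags are not interchangeable: `silent=True` yields the same `Decision` as no flag at all, while `ignore_warnings=True` changes only what is displayed and never what is permitted, because the Blocked tier and the policy check run before the flag is consulted.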

Specification for a tiered PUA classification system enabling legitimate
software (RustDesk, Malwarebytes, etc.) to be published to winget-pkgs
with governed allowlisting, client warnings, and GPO controls.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Comment thread doc/specs/#6189 - PUA Allowlisting.md Outdated
| **Restricted** | Legitimate uses but elevated risk profile | Moderator review required | Strong warning + consent |
| **Blocked** | Confirmed unwanted/malicious | Rejected | N/A |

### Manifest Schema Extension (v1.29.0)

Remove version

Comment thread doc/specs/#6189 - PUA Allowlisting.md Outdated

### Allowlist Governance

Maintained as `policies/pua-allowlist.yaml` in `winget-pkgs`:

Clarify if this file is maintained by automation, or manually. What edit restrictions need to be placed on it at pkgs?

Comment on lines +134 to +137
#### `--silent`:

Warning suppressed entirely. Installation proceeds.

--silent does not currently control any CLI behavior as far as I'm aware, it only uses the silent installer switches. Confirm if the two behaviors should be mixed


Missing --ignore-warnings

Comment thread doc/specs/#6189 - PUA Allowlisting.md Outdated
| `winget upgrade` | Show PUA warning if upgrading a PUA package |
| `winget show` | Display PUA classification in package details |
| `winget search` | `--include-security` shows PUA flag in results |
| `winget list` | `--include-security` shows PUA flag for installed PUA packages |

Why not --details?

Comment thread doc/specs/#6189 - PUA Allowlisting.md Outdated

### Schema Version

Requires manifest schema version 1.29.0 for the `PuaClassification` field.

Remove version information


## Inspiration

Microsoft Defender's PUA detection flags software based on behavioral categories. While protective for most users, these heuristics also block legitimate software:

@pl4nty pl4nty Jun 20, 2026

Most of the detections I've encountered have been K7 and ESET (via ScanX?), rather than Defender. e.g. RustDesk is flagged by ESET, Malwarebytes by K7

I'm really glad to see progress on this feature!

- **AnyDesk**, **TeamViewer** portable editions — Flagged under remote access category
- Other legitimate tools — Flagged for system-level access patterns

Their absence from `winget-pkgs` damages credibility and drives users to less-safe acquisition methods (direct downloads from unknown mirrors, Chocolatey community packages without validation).


Also, sometimes specific versions slip through. winget-pkgs ends up with old or vulnerable versions


| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `Categories` | string[] | Yes | PUA categories detected (enum: see below) |

@pl4nty pl4nty Jun 20, 2026


Does ScanX or something else define these categories? At the moment, public contributors just see the detection name, which seems to vary wildly across vendors

Comment thread doc/specs/#6189 - PUA Allowlisting.md Outdated
- Changes require a dedicated PR (not bundled with manifest submissions)
- Minimum 2 moderator approvals for `Allowed` tier
- Microsoft security team sign-off required for `Restricted` tier
- Annual re-review required (ReviewDate must be within 12 months)


Would these reviews be triggered automatically, and/or in public?

- Remove version-specific numbers from headings
- Rewrite governance to use waiver system (Microsoft human review, not policy bot)
- Fix --silent: only affects installer switches, not PUA warnings
- Add --ignore-warnings for suppressing PUA warning output
- Replace --include-security with --details (existing flag)
- Clarify PUA categories come from various AV vendors (not just Defender)
- Document waiver flow: label on PR signals Microsoft maintainer to review

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

@check-spelling-bot Report

🔴 Please review

See the 📂 files view, the 📜action log, or 📝 job summary for details.

Unrecognized words (8)

AGPL
Bundleware
ESET
Keyloggers
Malwarebytes
rustdesk
upvotes
waivered

These words are not needed and should be removed AAD ABCD abi ACL'd AMap Amd appdata ARMNT asan Baz bitmask bluetooth boundparms brk Buf certs cgi CMSG codepage commandline constexpr Cov cswinrt CTL Dbg Dcom decompressor dedupe DEFT devhome Dns dsc ERANGE errcode errmsg errstr filemode Finalizers FULLWIDTH fuzzer GES github Hackathon HINSTANCE hlocal hmac Hyperlink ICONDIR icu idx img inet Intelli iwr JDK LCID lhs LONGLONG LPBYTE LPCWSTR LPDWORD LPSTR LPVOID LPWSTR MAJORVERSION MAXLENGTH maxvalue MDs MINORVERSION mta nlohmann NONAME NOUPDATE NTFS ofile oid oop OPTOUT outfile OUTOFMEMORY PARAMETERMAP pdb PDWORD pid PKCS pkix placeholders positionals posix pscustomobject pseudocode PSHOST publickey qword redirector regexes remoting reparse REQS rhs rowid RTTI runspace runtimes SARL savepoint Scm sid sqlite subdir subkey trimstart ttl typedef uninitialize uninstallation UNMARSHALING userprofile versioned Webserver website wildcards winreg WMI workaround Wpp wsl

To accept these unrecognized words as correct and remove the previously acknowledged and now absent words, you could run the following commands

... in a clone of the git@github.com:denelon/winget-cli.git repository
on the spec/pua-allowlisting branch (ℹ️ how do I use this?):

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/v0.0.26/apply.pl' |
perl - 'https://github.com/microsoft/winget-cli/actions/runs/27971972268/attempts/1' &&
git commit -m 'Update check-spelling metadata'

Pattern suggestions ✂️ (2)

You could add these patterns to .github/actions/spelling/patterns.txt:

# Automatically suggested patterns

# hit-count: 1 file-count: 1
# assign regex
= /[^*].*?(?:[a-z]{3,}|[A-Z]{3,}|[A-Z][a-z]{2,}).*/[gi]?(?=\W|$)

# hit-count: 1 file-count: 1
# regex choice
\(\?:[^)]+\|[^)]+\)

Alternatively, if a pattern suggestion doesn't make sense for this project, add a # to the beginning of the line in the candidates file with the pattern to stop suggesting it.

Warnings and Notices ⚠️ (2)


⚠️ Warnings and Notices Count
ℹ️ candidate-pattern 2
⚠️ unexpected-line-ending 2

See ⚠️ Event descriptions for more information.

If the flagged items are 🤯 false positives

If items relate to a ...

  • binary file (or some other file you wouldn't want to check at all).

    Please add a file path to the excludes.txt file matching the containing file.

    File paths are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your files.

    ^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude README.md (on whichever branch you're using).

  • well-formed pattern.

    If you can write a pattern that would match it,
    try adding it to the patterns.txt file.

    Patterns are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your lines.

    Note that patterns can't match multiline strings.
