PUABundler:Win32/PiriformBundler is a Microsoft Defender PUA detection for Piriform-related installers that include bundled offers or behaviors Microsoft classifies as potentially unwanted. It does not mean every Piriform app is malware, but it does mean the specific installer package should be treated carefully.
Should you remove PiriformBundler?
- Yes, remove the flagged installer on a normal PC.
- The issue is usually optional bundled offers or a wrapper around a utility installer.
- Do not restore it just to finish setup.
- After removal, check recently added apps, extensions, notifications, startup entries, and scheduled tasks.
| Detection | PUA:Win32/PiriformBundler / PUABundler:Win32/PiriformBundler |
| Detected by | Microsoft Defender Antivirus |
| Type | Potentially unwanted application bundler |
| Best action | Remove the flagged installer and check for bundled components |
What is PiriformBundler?
Microsoft Security Intelligence says Defender detects Piriform installers that exhibit bundled behavior as potentially unwanted applications. The detection focuses on the installer behavior and optional components, not necessarily the final utility alone.
Is it safe or a false positive?
It may feel like a false positive if you intentionally downloaded a known utility, but the safer action is to remove the flagged installer and download only from the official source. Third-party mirrors and old installers are more likely to include unwanted offers.
How to remove PUABundler:Win32/PiriformBundler
- Choose Remove or Quarantine in Windows Security.
- Delete the installer that triggered the detection.
- Uninstall any optional apps installed with it.
- Check browser extensions and default search settings.
- Restart and run a full Defender scan.
If the bundle also installed an unexpected Chromium-style browser, remove that browser separately; for example, follow the Wave Browser removal guide when Wave appears in Apps, startup entries, or browser defaults.
After uninstalling the suspicious app or deleting the visible threat, use Gridinsoft Anti-Malware to check hidden files, startup entries, scheduled tasks, bundled apps, browser changes, and other persistence points that can restore malware.
Download Anti-MalwareFAQ
Does this mean CCleaner or another Piriform app is malware?
No. The detection is about potentially unwanted bundled installer behavior. Still, remove the flagged package.
Why does Defender keep detecting it?
An old installer may still be in Downloads, Temp, a backup folder, or a compressed archive.
Can I add an exclusion?
Not recommended. Use a clean current installer instead of excluding a flagged bundle.
Source: Microsoft Security Intelligence description for PUA:Win32/PiriformBundler.
