PUA:Win32/FRProxy is a Microsoft Defender detection for potentially unwanted software that may be related to proxy, traffic-routing, or bundled behavior. The important question is whether it was installed knowingly or arrived with another program.
What is PUA:Win32/FRProxy?
FRProxy is classified as a potentially unwanted application. Detections like this often appear when software changes network/proxy settings, routes traffic, installs hidden components, or arrives through a bundled installer. It may not look like a traditional Trojan, but it can still affect privacy, browser behavior, and network reliability.
What to check first
- Open Defender Protection history and note the detected path.
- Check whether the file belongs to a program you knowingly installed.
- Open Windows proxy settings and look for unknown proxy configuration.
- Review installed apps sorted by date.
- Check browser extensions, startup entries, and scheduled tasks.
How to remove FRProxy
- Quarantine the detected file in Defender.
- Uninstall suspicious VPN/proxy tools, download managers, or bundled software.
- Reset Windows proxy settings if an unknown proxy is configured.
- Remove unknown browser extensions and notification permissions.
- Run a full scan and reboot.
- After reboot, confirm the proxy setting and detection did not return.
Could it be legitimate?
Some legitimate tools use proxy-like behavior, but they should be clearly installed, signed, and documented. If you do not recognize the app or it arrived with a bundle, treat the detection as unwanted and remove it.
FAQ
Is FRProxy a Trojan?
Defender usually classifies it as PUA, not necessarily a Trojan. Still, unwanted proxy or traffic-routing behavior should not be ignored.
Can FRProxy change my internet settings?
It may be related to proxy/network changes. Check Windows proxy settings and remove unknown configurations.
Why did it come back?
A startup entry, scheduled task, or bundled app may be reinstalling it. Remove the parent app, not only the detected file.
Leave a Comment