A technique allows a user client to receive a software product from a server. The user client may determine if the software product includes other potentially unwanted programs by reading one or more graphical user interface instances that are created during installation of the software product. The graphical user interface instances are read to identify information related to software identifiers of the software product and of potentially unwanted programs. A signature file may be received from a third-party server. The software identifiers of the software product and potentially unwanted programs can be checked against the signature file during installation of the software product in order to identify the presence of potentially unwanted programs that may be bundled with software product.