
After a threat scan, your Malwarebytes Endpoint Detection and Response software detects Group Policy registry keys as Potentially Unwanted Modifications (PUMs).

Cause

If you have a Group Policy enforced on your network, your Malwarebytes software assumes the Group Policy registry keys are Potentially Unwanted Modifications. If these registry keys were added with your permission, you may treat the detections as false positives.

Resolution

Add your Group Policy’s registry keys as exclusions in the Malwarebytes Nebula platform. Your Malwarebytes software does not scan any items that are added to exclusions.

Here is a list of Group Policy registry keys your Malwarebytes software may detect:

HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoStartMenuMorePrograms
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetFolders
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFind
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispCPL
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispAppearancePage
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispScrSavPage
HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab
HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage
HKU\*\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD

There are wildcards (*) included in the registry keys above in place of user account names.

Microsoft Reference for All Group Policy Settings

Microsoft provides a reference list for all Group Policy settings: Download Group Policy Settings Reference Spreadsheet Windows 1803 from Official Microsoft Download Center.

Malwarebytes Nebula platform

Configure exclusions for the Malwarebytes Nebula platform in Settings > Exclusions. Scroll down, then click Exclude a registry key (Windows). To see additional instructions, refer to the article Add or edit exclusions in Malwarebytes Nebula platform.
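Before adding exclusions, it helps to confirm which of the listed values are actually set on an endpoint and for which user, so each one can be matched against your intended Group Policy. The following PowerShell is an added example, not Malwarebytes code; the function name `Get-PolicyValueHit` and the output column names are assumptions made for illustration.

```powershell
# Added example: report which of the article's policy values exist in each loaded user hive.
# Entries use the same "key|value" form as the list in this article (without the HKU\*\ prefix).
$PolicyValues = @(
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoStartMenuMorePrograms',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetFolders',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFind',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispCPL',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispAppearancePage',
    'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispScrSavPage',
    'SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab',
    'SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage',
    'SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD'
)

function Get-PolicyValueHit {
    param([string[]]$Entries = $PolicyValues)
    # Each subkey of HKEY_USERS is one loaded user hive (named by SID); the * wildcard covers this part.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        foreach ($entry in $Entries) {
            $subKey, $valueName = $entry -split '\|', 2
            $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subKey"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            # A missing value raises a non-terminating error; suppress it and skip the entry.
            $props = Get-ItemProperty -LiteralPath $path -Name $valueName -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }
            [pscustomobject]@{
                Hive      = $hive.PSChildName
                Value     = $valueName
                Data      = $props.$valueName
                Exclusion = "HKU\*\$entry"   # same form as the list in this article
            }
        }
    }
}

Get-PolicyValueHit | Sort-Object Value, Hive | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; only hives that are currently loaded (for example, signed-in users) appear under `HKEY_USERS`. Any value in the output that your Group Policy does not set is worth investigating rather than excluding.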

Source: Official Malwarebytes Brand
Edited by: BEST Antivirus KBS Team
