Group Policy registry keys detected as Potentially Unwanted Modifications

Version 16

    After a threat scan, your Malwarebytes for Business software detects Group Policy registry keys as Potentially Unwanted Modifications (PUMs).

     

    Cause

    If you have a Group Policy enforced on your network, your Malwarebytes software assumes the Group Policy registry keys are Potentially Unwanted Modifications.  If these registry keys were added with your permission, you may treat the detections as false positives.

     

    Resolution

    Add your Group Policy's registry keys as exclusions in the Malwarebytes Management Console or the Malwarebytes cloud console.  Your Malwarebytes software does not scan any items that are added to exclusions.

     

    Here is a list of Group Policy registry keys your Malwarebytes software may detect:

    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoStartMenuMorePrograms
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetFolders
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFind
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispCPL
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispAppearancePage
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispScrSavPage
    HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab
    HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage
    HKU\*\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD

     

    There are wildcards (*) included in the registry keys above in place of user account names.  To use wildcards with Malwarebytes Endpoint Security, you must have Malwarebytes Management Console client communicator v1.6.1.2897 and Anti-Malware v1.80.1.1011.

     

    Malwarebytes Management Console

    To add exclusions in the Malwarebytes Management Console, click the Policy tab.  Choose the policy you want to edit, then click the Ignore List tab.  For more information, refer to the article Add exclusions to the Malwarebytes Management Console.

     

    Malwarebytes cloud console

    Configure exclusions for the Malwarebytes cloud console in Settings > Exclusions.  Scroll down, then click Exclude a registry key (Windows).  To see additional instructions, refer to the article Add exclusions to the Malwarebytes cloud console.

     

    Additional information