Management Console: What is a PUM detection and how do I deal with it?

Document created by drossler Employee on May 9, 2017Last modified by jyamada on Jun 8, 2017
Version 3Show Document
  • View in full screen mode

PUM stands for Potentially Unwanted Modification. These are modifications made from their default settings in Windows.  Some examples, would be ForceClassicControlPanel or NoViewContextMenu.

 

In a business environment, it is not uncommon for these changes to be a part of your Group Policy.

 

Before removing PUMs, please check to see if these changes are a part of your policies. If they are, you can add these to your ignore list.

 

Since these detections are per user, you will need to use a wildcard in the registry entry to make sure it is ignored on all systems in a policy.

Using one of the examples from before, it may show up as:

HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu

The long section starting with S is the SID. We'll replace this with an asterisk:

HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu

This will now properly ignore the entry for all users and all PCs using the policy this was entered into.

Attachments

    Outcomes