What is a PUM detection and how do I deal with it?

Document created by dshull Employee on May 11, 2017Last modified by jyamada on Jun 11, 2017
Version 2Show Document
  • View in full screen mode

PUM stands for Potentially Unwanted Modification. These are modifications made from their default settings in Windows.

 

Some PUM examples would be ForceClassicControlPanel or NoViewContextMenu.

 

In a business environment it is not uncommon for these changes to be a part of your Group Policy.  Before removing PUMs, please check to see if these changes are a part of your policies. If they are, you can add these to your ignore list.

 

Since these detections are per user, you will need to use a wildcard in the registry entry to make sure it is ignored on all systems in a policy.

 

Using one of the examples from before, it may show up as:

HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu

 

The long section starting with S is the SID. We'll replace this with an asterisk:

HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu

 

This will now properly ignore the entry for all users and all computers using the policy this was entered into.

Attachments

    Outcomes