Potentially Unwanted Modification examples and recommendations

Document created by dshull Employee on May 11, 2017Last modified by bgoddard on Sep 27, 2019
Version 4Show Document
  • View in full screen mode

PUM stands for Potentially Unwanted Modification. These are modifications made from their default settings in Windows.


Some PUM examples would be ForceClassicControlPanel or NoViewContextMenu.


In a business environment it is not uncommon for these changes to be a part of your Group Policy.  Before removing PUMs, please check to see if these changes are a part of your policies. If they are, you can add these to your ignore list.


Since these detections are per user, you will need to use a wildcard in the registry entry to make sure it is ignored on all systems in a policy.


Using one of the examples from before, it may show up as:



The long section starting with S is the SID. We'll replace this with an asterisk:



This will now properly ignore the entry for all users and all computers using the policy this was entered into.