Group Policy registry keys detected as Potentially Unwanted Modifications

Document created by jross (Employee) on May 16, 2017. Last modified by jgolomb on Sep 11, 2018. Version 19.

After a threat scan, your Malwarebytes for Business software detects Group Policy registry keys as Potentially Unwanted Modifications (PUMs).

 

Cause

If you have a Group Policy enforced on your network, your Malwarebytes software assumes the Group Policy registry keys are Potentially Unwanted Modifications.  If these registry keys were added with your permission, you may treat the detections as false positives.

 

Resolution

Add your Group Policy's registry keys as exclusions in the Malwarebytes Management Console or the Malwarebytes cloud console.  Your Malwarebytes software does not scan any items that are added to exclusions.

 

Here is a list of Group Policy registry keys your Malwarebytes software may detect:

HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoStartMenuMorePrograms
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetFolders
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFind
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewContextMenu
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispCPL
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispAppearancePage
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispScrSavPage
HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab
HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage
HKU\*\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD

 

There are wildcards (*) included in the registry keys above in place of user account names.  To use wildcards with Malwarebytes Endpoint Security, you must have Malwarebytes Management Console client communicator v1.6.1.2897 or higher and Anti-Malware v1.80.1.1011.
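
Before excluding these values, it helps to confirm which of them are actually present on an endpoint and that they match what your Group Policy sets, since excluded items are no longer scanned. The PowerShell below is an added example, not part of the original article or a Malwarebytes tool: it expands the `*` segment to each hive loaded under HKEY_USERS and reports the matching values. The `$Patterns` list is a subset copied from the list above, and the variable names are this example's own.

```powershell
# Added example: report which policy values from this article exist in each
# loaded user hive, for comparison with your GPOs before adding exclusions.
# $Patterns is a subset of the article's list; extend it as needed.
$Patterns = @(
    'HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun',
    'HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives',
    'HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools',
    'HKU\*\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD'
)

# Each subkey of HKEY_USERS is one loaded user hive, named by the account's SID
# (plus .DEFAULT). Skip the *_Classes hives, which do not hold these policy keys.
$Hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }

$Found = foreach ($Hive in $Hives) {
    foreach ($Pattern in $Patterns) {
        # Split "HKU\*\<subkey>|<value name>" into its two parts.
        $KeyPart, $ValueName = $Pattern -split '\|', 2
        $SubKey = $KeyPart -replace '^HKU\\\*\\', ''
        $Path = "Registry::HKEY_USERS\$($Hive.PSChildName)\$SubKey"

        if (-not (Test-Path -LiteralPath $Path)) { continue }
        $Key = Get-Item -LiteralPath $Path
        # -contains is case-insensitive, like registry value names.
        if ($Key.GetValueNames() -contains $ValueName) {
            [pscustomobject]@{
                Hive  = $Hive.PSChildName
                Key   = $SubKey
                Value = $ValueName
                Data  = $Key.GetValue($ValueName)
            }
        }
    }
}

$Found | Sort-Object Hive, Key, Value | Format-Table -AutoSize
```

Only the hives of currently loaded profiles appear under HKEY_USERS, so run this from an elevated session while the relevant users are logged on.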

 

Microsoft Reference for All Group Policy Settings

Microsoft provides a reference list for all Group Policy settings: the Group Policy Settings Reference Spreadsheet for Windows 1803, available from the Official Microsoft Download Center.

 

Malwarebytes Management Console

To add exclusions in the Malwarebytes Management Console, click the Policy tab.  Choose the policy you want to edit, then click the Ignore List tab.  For more information, refer to the article Add exclusions to the Malwarebytes Management Console.

 

Malwarebytes cloud console

Configure exclusions for the Malwarebytes cloud console in Settings > Exclusions.  Scroll down, then click Exclude a registry key (Windows).  To see additional instructions, refer to the article Add exclusions to the Malwarebytes cloud console.

 
