keyboardwiz

Changing the policies to quarantine PUPs seemed to do the trick for MindSpark and Ask.com. Another issue we're having is that one particular user is having folders generated on their behalf even after permanently deleting them from our server. Our users' application data is redirected via group policy to our server in their own folders. They appear like they should contain some files but are always empty.

New update: So we have two policies, one for PUP removal which checks the infected file for removal and then a normal one which doesn't. We've tried placing the workstations in question in the PUP removal group and it removes the threat only for it to come back again as you stated. What are the next steps?

Dyllon, Thanks for the explanation and screenshots. The problem I'm having, especially with the MindSpark extension, is how to add it to Malwarebytes so that it quarantines and deletes the threat since there are several variations of it. Do I have to add every iteration or can I include a wildcard in my filter? Please see my screenshots that are attached.

Every day when scans are run for users, several users come back with Malware Threats Detected. These generally include several lines of the following: PUP.Optional.ASK PUP.Optional.MindSpark PUP.Optional.WinYahoo PUP.Optional.MindSpark.Generic PUP.Optional.NotChromeRun While they aren't causing any real threat, I'd prefer if they just didn't show up at all. Is there a way to get rid of them and restrict them from coming back or at least just ignore them and treat them as false positives? I apologize if there is another thread with the same issue, but any help would be appreciated.