Jump to content

False Positive - Registry Entries?


contrawise
 Share

Recommended Posts

Sorry to ask here, but haven't found another place to ask.  If there's a better place, I'm happy to ask there. 

 

Malwarebytes seems to be identifying some legitmate registry entries as suspicious: 

 

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER\AntiVirusDisableNotify

\ " \ " \ " \FirewallDisableNotify

\ " \ " \ " \UpdatesDisableNotify

 

It appears that the above is the entry for 64-bit machines.  The similar entry on 32-bit machines - the same, except without the "WOW6432NODE" string - is also quarantined. 

 

Reading from a handful of sites, these entries seem to be legit.  What can you tell us? 

 

TIA ... !

 

Link to post
Share on other sites

  • Staff

Hi,

 

We aren't detecting the keys, but the valuedata instead, where we alert when there have been modifications to this valuedata. So, if it was detected in your case, it means that the valuedata has been changed to non-default set by Windows or either corrupted.

So malwarebytes fixes this. In case you made the modifications yourself - it means you have the knowledge how and why you modified this, so you should also already know not to select for quarantine in malwarebytes, but ignore and add to the malwarebytes whitelist instead.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.