False Positive - Registry Entries?

[contrawise]

Sorry to ask here, but haven't found another place to ask.  If there's a better place, I'm happy to ask there. 

 

Malwarebytes seems to be identifying some legitmate registry entries as suspicious: 

 

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER\AntiVirusDisableNotify

\ " \ " \ " \FirewallDisableNotify

\ " \ " \ " \UpdatesDisableNotify

 

It appears that the above is the entry for 64-bit machines.  The similar entry on 32-bit machines - the same, except without the "WOW6432NODE" string - is also quarantined. 

 

Reading from a handful of sites, these entries seem to be legit.  What can you tell us? 

 

TIA ... !

 

[miekiemoes]

Hi,

 

We aren't detecting the keys, but the valuedata instead, where we alert when there have been modifications to this valuedata. So, if it was detected in your case, it means that the valuedata has been changed to non-default set by Windows or either corrupted.

So malwarebytes fixes this. In case you made the modifications yourself - it means you have the knowledge how and why you modified this, so you should also already know not to select for quarantine in malwarebytes, but ignore and add to the malwarebytes whitelist instead.

[contrawise]

Thanks - very helpful.  Turns out that the values had been changed by someone else here, without my knowledge.  I'll whitelist the entries.