Jump to content

Malwarebytes cleaning things that I told it to ignore...


Recommended Posts

Recently Malwarebytes Enterprise started detecting the following as a threat and correcting it "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig". However, we have system restore points disabled through Group Policy (always have). This caused us issues as the size of my SQL database shot up as scores of new detections rolled in making everything unstable. We shutdown the VM and assisgned more resources to it to compensate for the suddenly inflated SQL database size.

 

Once I was able to get back in I added that key to the ignore list of ALL polices that we have deployed. Yet still I come in each morning and check threat view and see it is being detected and removed/fixed. Obviously group policy is just going to keep reapplying it. I need it to stop.

 

 

Link to post
Share on other sites

  • Staff

Hey Averum,

 

I would like to see some logs of the clients that are finding the GPO setting to see what could be causing this. I would like to create an case in our ticketing system to process this easier. Do you mind sending me a PM with your e-mail so I can create a case and send you instructions on what to grab?

 

Thank you,

 

Ron S

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.