Malwarebytes cleaning things that I told it to ignore...

[Averum]

Recently Malwarebytes Enterprise started detecting the following as a threat and correcting it "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig". However, we have system restore points disabled through Group Policy (always have). This caused us issues as the size of my SQL database shot up as scores of new detections rolled in making everything unstable. We shutdown the VM and assisgned more resources to it to compensate for the suddenly inflated SQL database size.

 

Once I was able to get back in I added that key to the ignore list of ALL polices that we have deployed. Yet still I come in each morning and check threat view and see it is being detected and removed/fixed. Obviously group policy is just going to keep reapplying it. I need it to stop.

 

 

[Rsullinger]

Hey Averum,

 

I would like to see some logs of the clients that are finding the GPO setting to see what could be causing this. I would like to create an case in our ticketing system to process this easier. Do you mind sending me a PM with your e-mail so I can create a case and send you instructions on what to grab?

 

Thank you,

 

Ron S