
Is it possible to exclude the PUM object type 'NoSMHelp' from being flagged and removed?

 

Our current policies have the scanner action for PUMs set to 'Show in results and check for removal'. I of course understand that changing the action to 'Show in results list and do not check for removal' or 'Do not show in results list' will exclude it, but this is undesired as we do want PUMs to be logged and flagged for removal; just not 'PUM.Optional.NoSMHelp'.

 

I also understand that we could find the object in the threat list and right-click the object and select 'exclude this object' or manually add it to the ignore list. However, the object itself is going to be for the specific user account, with a unique SID, under which the scanner detected the setting. With this scenario, the exclusion would only apply to that specific user account on that specific machine. The exclusion would not apply to other machines or accounts as the SID in the registry entry would be different for every user on every machine. This is simply unsustainable over time.

 

Even though I am fairly certain this wouldn't work... could editing the ignore list entry to replace the SID with an asterisk work? e.g.



HKEY_USERS\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp


Or would simply adding 'PUM.Optional.NoSMHelp' to the ignore list accomplish it?

 

Any assistance will be greatly appreciated.


Hey Imperator,

 

What version of the management console/management client are you on? If you open up the management console and look in the bottom left, you will see the version number written out there. In version 1.6.1, we put in the ability to add wildcard registration entries like the one you put above. So if you do have version 1.6.1, you can simply put in what you wanted to enter in:

 

HKEY_USERS\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp

 

That will exclude it on all user accounts on the machines.

 

If you are not on 1.6.1, you will just need to update to that and push the new managed client and anti-malware client version to the computer. You can use the instructions here for that:

 

https://support.malwarebytes.org/customer/en/portal/articles/1835539-how-do-i-upgrade-to-the-latest-version-of-the-malwarebytes-management-console-?b_id=6401

 

Thank you,

 

Ron S
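
To see which per-SID paths a per-object exclusion would have to name one by one, this added PowerShell example (not from the thread or from Malwarebytes) lists every user hive currently loaded under HKEY_USERS that has NoSMHelp set, printed in the same `path|value` form as the ignore-list entry. It assumes an elevated session and only sees loaded hives, so profiles of logged-off users are not included.

```powershell
# Added example: audit NoSMHelp across the user hives loaded on this machine.
$subKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoSMHelp'

$hku = [Microsoft.Win32.Registry]::Users
$results = foreach ($hive in $hku.GetSubKeyNames()) {
    # Skip the per-user class hives (<SID>_Classes); policy values live in the main hive.
    if ($hive -like '*_Classes') { continue }

    $key = $hku.OpenSubKey("$hive\$subKey")
    if ($null -eq $key) { continue }          # no Explorer policy key for this user
    try {
        $value = $key.GetValue($valueName, $null)
        if ($null -eq $value) { continue }    # key exists but NoSMHelp is not set

        # Resolve the SID to an account name where possible.
        $account = $hive
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($hive)
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # .DEFAULT and orphaned SIDs do not translate; keep the hive name.
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Account  = $account
            Path     = "HKEY_USERS\$hive\$subKey|$valueName"
            Value    = $value
        }
    } finally {
        $key.Close()
    }
}

# One row per account; each Path differs only in the SID segment.
$results | Format-Table -AutoSize
```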
