pnamajck

PUM.Optional.NoDrives …

environment:

win-10au (1607-14393.576) 64bit
windows-defender (auto-disabled)
avg (16.131.7924)
mbam (2.2.1.1043) free
default-login: admin

am wondering if PUM.Optional.NoDrives is false-positive or legitimate threat.

here on support.malwarebytes … not much coverage with regard to PUM offenses/detections … i find that curious. does everyone take a nilly-willy approach and simply white-list or remove PUM incidents? and what do they base their decision on? i have read mbam's cursory faq/PUM article … and thanks for that.

anyway … normal routine for me is to update/scan mbam every time i boot up. two days ago, after update/scan … mbam alerted me to the above mentioned PUM. investigating on the internet i found only one article regarding a "NoDrives" registry key (see url below). the article never stated if it's a legitimate key or not. cutting to the chase, i chose mbam "ignore once" option … rebooted and update/scan second time … same result (the key's binary value changes).

so, my question is this … should i white-list the detection or remove it? if the detection reappears (after reboot) … would it then be a candidate for white-list?

am attaching the *.txt file … this file was the result after running "mbam.exe /developer" at command-line … thanks, in advance, for the courtesy.

attempt_03.txt

ref:
https://technet.microsoft.com/en-us/library/cc938267.aspx
https://support.malwarebytes.com/customer/portal/articles/1834897-what-are-pum-detections-are-they-threats-and-should-they-be-deleted-?b_id=6438


Hi,

This policy is not created by default. A lot of malware used to create this policy in the past (AutoRun worms). However, some companies also set this policy.

This policy hides the drives from Windows explorer, so if you're not aware you've set this policy, I recommend you remove it. After all, removing this detection restores it back to default (which is 0) - which means, no drives are hidden.

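The NoDrives policy value discussed in the reply above is a bitmask with one bit per drive letter (bit 0 = A: through bit 25 = Z:), so a value of 0 hides nothing. The following Python script is an added example, not part of the original thread or of Malwarebytes' code: it decodes a NoDrives value into the drive letters it hides and, on Windows, reads the value from the standard Explorer policy key. The registry path is not quoted in the thread, and the sample values are constructed.

```python
import string
import sys

# Standard Explorer policy location for NoDrives (assumption: not quoted in the thread).
POLICY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDrives"
ALL_DRIVES_MASK = (1 << 26) - 1  # bits 0..25 map to A:..Z:


def to_mask(raw):
    """Normalise a registry value (REG_DWORD int or REG_BINARY bytes) to an int."""
    if isinstance(raw, (bytes, bytearray)):
        return int.from_bytes(raw[:4], "little")
    return int(raw)


def hidden_drives(raw):
    """Return the drive letters a NoDrives value hides from Explorer."""
    mask = to_mask(raw) & ALL_DRIVES_MASK
    return [f"{letter}:" for bit, letter in enumerate(string.ascii_uppercase)
            if mask & (1 << bit)]


def read_policy(hive_name):
    """Read NoDrives from the named hive; None means the value is not set."""
    import winreg  # Windows-only module, imported lazily
    hive = getattr(winreg, hive_name)
    try:
        with winreg.OpenKey(hive, POLICY_PATH) as key:
            raw, _value_type = winreg.QueryValueEx(key, VALUE_NAME)
            return raw
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    if sys.platform == "win32":
        for hive_name in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
            raw = read_policy(hive_name)
            if raw is None:
                print(f"{hive_name}: NoDrives not set (default, nothing hidden)")
            else:
                print(f"{hive_name}: {to_mask(raw):#010x} hides "
                      f"{hidden_drives(raw) or 'nothing'}")
    # Constructed samples: default, C: only, C:+D: as REG_BINARY, all drives.
    for sample in (0, 0x4, b"\x0c\x00\x00\x00", 0x03FFFFFF):
        print(sample, "->", hidden_drives(sample))
```

A non-zero value that nobody on the machine set deliberately, or one that changes between reboots, is the case the reply recommends removing.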

ah i see … thanks for the speedy reply, miekiemoes.

guess i am curious why it appeared only "now" rather than "previously" … and the answer for that is because mbam, in the past, never perceived the key as a threat.

in any case … i will have mbam remove the key … and reboot/update/rescan to see if the issue has been resolved.

thanks for your quick assist, mieke


final results are in, miekiemoes:

after forum … scanned again (no update) … removed infec.
scanned again (no update) … clean.
rebooted … scanned again (no update) … clean.
updated/scanned … clean.

issue has been resolved.

i'd like to thank the development team for finally catching this bug with the latest reference files … god knows how long this has been on my hard-drive! i'd also like to thank the support team (and mieke) for their part in helping consumers isolate and remove these nasty critters.
