Jump to content

"PUM.Optional.NoDispScrSavPage" threat detected


Recommended Posts

Hi,

A computer at our workplace has a threat detected named "PUM.Optional.NoDispScrSavPage". It didn't quarantine it in the Malwarebytes Management Console. I'm not sure exactly what this is about. Can anybody give more information about this? See attached screenshot from the console.

noscrsav.thumb.JPG.01e6140582580a2e34bfd5485a98ed49.JPG

Link to post
Share on other sites
  • Staff

MBAM agent 1.80.x is indiscriminate when it comes to any registry modifications. It will hit on your legit GPO enforcement's. Add your GPO registry key to the Policy → Ignore list, replacing the account SID‘s with the * wildcard. Note that only console and client communicator 1.6.1.2897 and above with Anti-Malware 1.80.1.1011 and above, supports this wildcard in the middle of a string, and only for registry keys.

Here’s a list I made of all the gpo changes I’ve seen get tagged as pum: 
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoStartMenuMorePrograms
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSetFolders
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoFind
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSMHelp
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoRun
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoViewContextMenu
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoToolbarCustomize
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoPropertiesMyComputer
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoDrives
hku\*\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn
hku\*\software\microsoft\windows\currentversion\policies\system|DisableRegistryTools
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispCPL
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispBackgroundPage
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispAppearancePage
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispScrSavPage
hku\*\software\policies\microsoft\internet explorer\control panel|ConnectionsTab
hku\*\software\policies\microsoft\internet explorer\control panel|HomePage
hku\*\software\policies\microsoft\windows\system|DisableCMD
 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.