
Hi, I am in the process of clearing up all the PUMs I deem to be false positives. We currently have 18,000 alerts in threat view, most of which I believe I have added to the ignore list. I would like to know how to clear all these in bulk, as the "Page: All" option does not show me all threats so that I can highlight and remove them. Any advice? I'm sure it's a simple option somewhere.


Hi @DanJordan, from 'Threat View', click the 'Filter' button. In the 'Threat Name' field, type in "pum" or "policies", as I take it the false-positive PUMs you are looking for are GPO enforcements. Using a word common to all these PUMs will make the next step that much easier. Once you click 'OK', the results should be just your particular FPs. Hit Ctrl + A, or Ctrl + click the ones you want to remove. Once they are highlighted, right-click and select 'Remove Log Entry'.

If these PUMs are your GPO keys, the reason is that the MBAM agent 1.80.x is indiscriminate when it comes to registry modifications: it will hit on your legitimate GPO enforcements. Add your GPO registry key(s) to the Policy → Ignore list, replacing the account SIDs with the * wildcard. Note that only the console and client communicator together at 1.6.1.2897 and above, with Anti-Malware 1.80.1.1011 and above, support this wildcard in the middle of a string, and only for registry keys.

To aid in your ignore efforts, here’s a list I made of all the GPO changes I’ve seen get tagged as PUM: 
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoStartMenuMorePrograms
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSetFolders
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoFind
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSMHelp
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoRun
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoViewContextMenu
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoToolbarCustomize
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoPropertiesMyComputer
hku\*\software\microsoft\windows\currentversion\policies\explorer|NoDrives
hku\*\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn
hku\*\software\microsoft\windows\currentversion\policies\system|DisableRegistryTools
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispCPL
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispBackgroundPage
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispAppearancePage
hku\*\software\microsoft\windows\currentversion\policies\system|NoDispScrSavPage
hku\*\software\policies\microsoft\internet explorer\control panel|ConnectionsTab
hku\*\software\policies\microsoft\internet explorer\control panel|HomePage
hku\*\software\policies\microsoft\windows\system|DisableCMD

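As an added example (not from the post above and not Malwarebytes code), the following PowerShell script takes ignore-list entries in the `hku\*\<subkey>|<value>` form used in the reply, expands the `*` over every user SID hive actually loaded under HKEY_USERS, and reports which of those policy values are currently set and to what. The point is to confirm, before you whitelist a path, that each flagged PUM really corresponds to a value your GPO sets, since several of these names (DisableRegistryTools, DisableCMD, NoRun) are also set by malware. It assumes you run it in an elevated PowerShell session on the affected workstation; the function names and the `$ignoreEntries` variable are this example's own.

```powershell
# Added example: expand "hku\*\<subkey>|<value>" ignore-list entries over the
# user hives loaded under HKEY_USERS and report which policy values are set.
# Assumes an elevated session on the endpoint; only the SID-position "*" is handled.

$ignoreEntries = @(
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoStartMenuMorePrograms',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSetFolders',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoFind',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSMHelp',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoRun',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoViewContextMenu',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoToolbarCustomize',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoPropertiesMyComputer',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|NoDrives',
    'hku\*\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn',
    'hku\*\software\microsoft\windows\currentversion\policies\system|DisableRegistryTools',
    'hku\*\software\microsoft\windows\currentversion\policies\system|NoDispCPL',
    'hku\*\software\microsoft\windows\currentversion\policies\system|NoDispBackgroundPage',
    'hku\*\software\microsoft\windows\currentversion\policies\system|NoDispAppearancePage',
    'hku\*\software\microsoft\windows\currentversion\policies\system|NoDispScrSavPage',
    'hku\*\software\policies\microsoft\internet explorer\control panel|ConnectionsTab',
    'hku\*\software\policies\microsoft\internet explorer\control panel|HomePage',
    'hku\*\software\policies\microsoft\windows\system|DisableCMD'
)

function Get-LoadedUserSids {
    # Only domain/local user hives (S-1-5-21-...). Skips .DEFAULT, the
    # *_Classes hives and the well-known service SIDs S-1-5-18/19/20.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }
}

function Expand-IgnoreEntry {
    param(
        [Parameter(Mandatory)][string]$Entry,
        [Parameter(Mandatory)][string[]]$Sids
    )
    # "hku\*\<subkey>|<valuename>" -> one concrete registry target per loaded SID
    $keyPart, $valueName = $Entry -split '\|', 2
    if (-not $valueName) { throw "Entry has no value name: $Entry" }
    $hive, $sidPart, $subKey = $keyPart -split '\\', 3
    if ($hive -ne 'hku' -or $sidPart -ne '*') {
        throw "Only hku\*\<subkey> entries are handled here: $Entry"
    }
    foreach ($sid in $Sids) {
        [pscustomobject]@{
            Sid       = $sid
            Path      = "Registry::HKEY_USERS\$sid\$subKey"
            ValueName = $valueName
        }
    }
}

function Test-PolicyValue {
    param([Parameter(Mandatory)]$Target)
    # Report whether the value exists in that user's hive and what it holds.
    $present = $false
    $data    = $null
    if (Test-Path -LiteralPath $Target.Path) {
        $item = Get-ItemProperty -LiteralPath $Target.Path -Name $Target.ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $present = $true
            $data    = $item.($Target.ValueName)
        }
    }
    [pscustomobject]@{
        Sid     = $Target.Sid
        Value   = $Target.ValueName
        Present = $present
        Data    = $data
        Key     = $Target.Path
    }
}

$sids = @(Get-LoadedUserSids)
if ($sids.Count -eq 0) { Write-Warning 'No S-1-5-21 user hives are loaded (no interactive user logged on?).' }

$results = foreach ($entry in $ignoreEntries) {
    foreach ($target in Expand-IgnoreEntry -Entry $entry -Sids $sids) {
        Test-PolicyValue -Target $target
    }
}

# Only values that are actually set are worth checking against the GPO settings.
$results | Where-Object Present | Format-Table Sid, Value, Data, Key -AutoSize
```

Run it on a machine that produced the PUM alerts and compare the `Data` column with what the relevant GPO configures (these Explorer and System restrictions are REG_DWORD 1 when enabled by policy). A value that is present on a host where no GPO applies it, or that carries data your policy does not set, should stay out of the ignore list and be treated as a real detection. Note that only hives of currently logged-on users are loaded under HKEY_USERS, so a user whose hive was flagged but who is not logged on will not appear in the output.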