WhenU.Adware PUP?

[lemonbird]

Hi,

I disabled both PUP and PUM detections in MBAM 3.1.2 Settings.

PUP=Ignore Detection, 

PUM=Ignore Detection

 but MBAM still detects WhenU.Adware in an old file (see attached).

 

I believe the problem lies in the fact MBAM defines WhenU.Adware as "malware", as opposed to "non-malware" (PUP and PUM).

I am not an expert but I wonder: is there a rationale behind MBAM behavior or should it be fixed? 

Kaspersky, for instance, calls WhenU "not-a-virus". Some others call it a "PUA".

Or, maybe, you might want to add a third entry (Adware: ignore/warn/detect) besides PUP and PUM settings?

 

 

daemon403-x86.zip

Edited July 5, 2017 by lemonbird

[blender]

Hello,

How a program behaves, what it does, etc determines the detection type. (PUP, Adware, Trojan, etc)

If you want to keep the file, you can choose to exclude it by adding an exclusion for the file itself or by unchecking the detection next scan & choosing to "ignore always" when prompted. 

[lemonbird]

Anyone for a proper answer?

[lemonbird]

@blender

What you suggest would exclude a single file, but I am talking of exclusion by category.

Maybe I wasn't clear in my question. Again, is there a valid reason not to allow users, if they want, the same for Adware as it can be done for PUPs and PUMs?

I gather the difference is a rather subtle one (in the EULA).

 

 

[blender]

The option to ignore entire threat types only exist for PUP.Optional & PUM.Optional. The other category is "malware" which includes Adware, Backdoor, Trojan, etc etc etc.

[lemonbird]

OK, thanks.   

I do appreciate your answers. BTW, sorry for having been a bit blunt in my first reply. But the fact is I already know how it works user side, I am asking for the reasons behind the behavior. Why not add an Ignore Adware setting, like it is for PUPs, for the users who know what they are doing?

Other detection programs allow to exclude several threat types including Adware not just PUPs and PUMs. 

Besides, I gather that the difference between PUPs and Adware is sometimes rather subtle.

For instance, in the specific example I provided (WhenU in the Daemon Tools 4.03HE installer), I am not clear why it is not a PUP. Just because of the EULA?

When I run the Dameon Tools installer I can untick the "Daemon Tools Search bar" check box if I don't want to install that too, but a novice might just click Next and install without noticing. Isn't that a "Potentially Unwanted" item?