lemonbird Posted July 5, 2017 ID:1140596 Share Posted July 5, 2017 (edited) Hi, I disabled both PUP and PUM detections in MBAM 3.1.2 Settings. PUP=Ignore Detection, PUM=Ignore Detection but MBAM still detects WhenU.Adware in an old file (see attached). I believe the problem lies in the fact MBAM defines WhenU.Adware as "malware", as opposed to "non-malware" (PUP and PUM). I am not an expert but I wonder: is there a rationale behind MBAM behavior or should it be fixed? Kaspersky, for instance, calls WhenU "not-a-virus". Some others call it a "PUA". Or, maybe, you might want to add a third entry (Adware: ignore/warn/detect) besides PUP and PUM settings? daemon403-x86.zip Edited July 5, 2017 by lemonbird Link to post Share on other sites More sharing options...
Staff blender Posted July 6, 2017 Staff ID:1140771 Share Posted July 6, 2017 Hello, How a program behaves, what it does, etc determines the detection type. (PUP, Adware, Trojan, etc) If you want to keep the file, you can choose to exclude it by adding an exclusion for the file itself or by unchecking the detection next scan & choosing to "ignore always" when prompted. Link to post Share on other sites More sharing options...
lemonbird Posted July 6, 2017 Author ID:1140815 Share Posted July 6, 2017 Anyone for a proper answer? Link to post Share on other sites More sharing options...
lemonbird Posted July 6, 2017 Author ID:1140820 Share Posted July 6, 2017 @blender What you suggest would exclude a single file, but I am talking of exclusion by category. Maybe I wasn't clear in my question. Again, is there a valid reason not to allow users, if they want, the same for Adware as it can be done for PUPs and PUMs? I gather the difference is a rather subtle one (in the EULA). Link to post Share on other sites More sharing options...
Staff blender Posted July 6, 2017 Staff ID:1140821 Share Posted July 6, 2017 The option to ignore entire threat types only exist for PUP.Optional & PUM.Optional. The other category is "malware" which includes Adware, Backdoor, Trojan, etc etc etc. Link to post Share on other sites More sharing options...
lemonbird Posted July 6, 2017 Author ID:1140836 Share Posted July 6, 2017 OK, thanks. I do appreciate your answers. BTW, sorry for having been a bit blunt in my first reply. But the fact is I already know how it works user side, I am asking for the reasons behind the behavior. Why not add an Ignore Adware setting, like it is for PUPs, for the users who know what they are doing? Other detection programs allow to exclude several threat types including Adware not just PUPs and PUMs. Besides, I gather that the difference between PUPs and Adware is sometimes rather subtle. For instance, in the specific example I provided (WhenU in the Daemon Tools 4.03HE installer), I am not clear why it is not a PUP. Just because of the EULA? When I run the Dameon Tools installer I can untick the "Daemon Tools Search bar" check box if I don't want to install that too, but a novice might just click Next and install without noticing. Isn't that a "Potentially Unwanted" item? Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now