Hi,

Business client has an issue with two workstations, both Windows 10, using Malwarebytes (Corp) 1.80.2.1012.

Run a scan and Malwarebytes detects and fixes the following PUM infection.

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Optional.DisabledSecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. [223bb30f7047de58c1186843c9397c84]

Screenshot attached, plus log for adw cleaner and malwarebytes.

On the next Malwarebytes scan you get the same PUM infection again. Used AdwCleaner (found and removed infections; on second scan all is OK) and JRT, no infections found.

I need to stop this as the client has been hacked and they lost $20K. We think this happened via 365, but I need to clean up all workstations.

Thanks in advance.

John Hutchins.  

 

Screenshot - 27_01_2018 , 2_49_46 PM.png

AdwCleaner[S0].txt

mbam-log-2018-01-24 (19-26-07).txt

  • 2 months later...
  • Staff

This is not from an attack or part of an infection; this is just a standard policy flag on whether to show the warning in Windows Action Center if you have anti-virus installed or not. MBAM agent 1.80.x is indiscriminate when it comes to any registry modifications. It will hit on your legitimate changes and GPO enforcements. Additionally, the legacy MB products do not register as an AV, so there is an incentive to set this registry key so that you are not seeing a notification to find an AV every time you start Windows.

You can add this key to be ignored. Since it is a registry key, you will need to use the API through the command line: open an admin-elevated CMD and use the following commands:

CD C:\Program Files (x86)\Malwarebytes' Anti-Malware
mbamapi /ignore -add value "HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify"

I've also attached the MBAM admin guide, which goes over even more API commands available to you.

Anti-Malware for Business 1.80 Administrator Guide.pdf
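
Added example, not part of the original posts and not Malwarebytes tooling: before adding an ignore entry, it helps to confirm from the scan logs which registry items keep coming back after "repaired successfully", which is the pattern the first post describes. The line layout is assumed from the single log line quoted in the thread; the scan names, the second scan, the `HKCU` entry and the all-zero ids are constructed sample data.

```python
import re
from collections import defaultdict

# Layout of a registry data item line, assumed from the line quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>\S+)\s+'
    r'\((?P<rule>[^)]+)\)\s+->\s+'
    r'Bad:\s+\((?P<bad>[^)]*)\)\s+Good:\s+\((?P<good>[^)]*)\)\s+->\s+'
    r'(?P<action>.+?)\s+\[(?P<id>[0-9a-f]+)\]\s*$'
)

def parse_registry_items(log_text):
    """Return one dict per registry data item line found in a scan log."""
    items = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items

def recurring_items(scans):
    """Map (key, value) -> scan names, for items detected in more than one scan."""
    seen = defaultdict(list)
    for name, text in scans.items():
        for item in parse_registry_items(text):
            # Registry paths are case-insensitive, so normalise the key.
            seen[(item["key"].upper(), item["value"])].append(name)
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample input. Only the first detection line comes from the thread.
SCANS = {
    "scan-1": r"""Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Optional.DisabledSecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. [223bb30f7047de58c1186843c9397c84]
""",
    "scan-2": r"""Registry Data Items Detected: 2
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Optional.DisabledSecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. [00000000000000000000000000000000]
HKCU\SOFTWARE\EXAMPLE|ConstructedValue (PUM.Constructed.Example) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. [00000000000000000000000000000000]
""",
}

if __name__ == "__main__":
    for (key, value), names in recurring_items(SCANS).items():
        print(f"{key}|{value} re-detected in: {', '.join(names)}")
```

An item that reappears in every scan after being repaired is a candidate for the GPO or administrator-set case the staff reply describes, and is worth checking against your own policy before it goes on the ignore list.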
