Jump to content

Is HKLM\SOFTWARE\MICROSOFT... a threat/PUP?

Mattz

By Mattz
in File Detections

 Share

Recommended Posts

Mattz

Mattz

Posted
Posted

MBAM detected these 2 registry keys but seems to asking me whether to quarantine or not. Can't can't any threads telling me if I should or not.

Registry Key: 2

PUP.Optional.DriverSupport, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverSupport_RASAPI32, No Action By User, [14515], [484523],1.0.3818

PUP.Optional.DriverSupport, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverSupport_RASMANCS, No Action By User, [14515], [484523],1.0.3818

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
28 minutes ago, Mattz said:

Can't can't any threads telling me if I should or not.

I would remove it.

Driver Updates can damage your system at the point where a reinstall of Windows will be needed.

  • Drivers are "middlemen" between your OS (Windows) and your hardware (computer). They control and facilitate the interaction between Windows and hardware components, to deliver a "message", nothing more;
  • Having all of your drivers up to date, all the time, will not improve the performance of your system, nor your computer. You cannot increase the hardware performance of a component over the current capabilities it have;
  • Driver updates are released to fix a bug or an issue with a previous release of that driver. Not everyone with the same drivers will experience the issue, so if you are having no problems with the drivers you are running, you don't need to update them. "If it's not broken, don't fix it";
  • You can download drivers for free from your computer/laptop manufacturers website, or from the hardware component manufacturers website. You don't need to pay for any of them, if you are being asked to pay for drivers it is likely a scam;
  • Only drivers from the computer/laptop manufacturers website, or the hardware component manufacturers website are considered official (legitimate and working). You should not download drivers from anywhere else;
  • Driver Updaters are a scam, they try to convince you that you need these programs in order to make your system perform well, which is false;
  • It has been tested and proven that these programs will detect outdated drivers on a system that have the most updated drivers from the manufacturer, which shows that they don't work and/or they try to make you install "newer" suspicious drivers;
  • The goal of the distributors of such programs is to make money by making you buy their useless product, or install additional software (PUPs) when you install their program. Your system will perform worse with these programs installed than without;


This being said, such programs could be seen as "pure scam" and should be avoided at all cost.

Here's some articles that talks about Driver Updater programs and why they shouldn't be used:

Link to post
Share on other sites
Mattz

Mattz

Posted
  • Author
Posted

I'm not sure that really answers my question. I don't think that I have any auto driver update software installed. I did install a new APC battery with USB connection, yesterday, that automatically prompted a search for and download of a driver, and then downloaded and installed the recommended management software, which may have installed an additional driver. Wouldn't I need that/one of those driver(s)?

Link to post
Share on other sites
  • 3 weeks later...
exile360

exile360

Posted
Posted

It's not a false positive because it's not being flagged as malware.  A PUP detection means Potentially Unwanted Program and based on the criteria used for determining whether something is PUP, this software does indeed fit into this category therefore the detection as PUP is accurate.

Besides, having some random third party 'certify' a piece of software is irrelevant; the criteria they use for assessing software obviously is not the same as the criteria used by Malwarebytes to determine what is and is not PUP.  In this case, the organization who certified the app in question specifies that they're only focused on deceptive practices and unexpected behavior of applications.  They are not at all concerned with fitness for actual purpose and the larger issue of the very nature of driver update utilities in general which, just like registry cleaners, are essentially nothing more than unnecessary snake oil with no real utility and typically do more harm than good.

Link to post
Share on other sites
Bigwakex2

Bigwakex2

Posted
Posted

How is it potentially unwanted if I downloaded it, payed for it and found it useful? You might not but I’m not a tech and it saved me a lot of time, plus it does more than just drivers. 

So you are saying Malwarebytes can decide what is good for me?  Malwarebytes said there was almost 400 errors for 1 piece of software, who is the one selling the snake oil?

 

 

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Again, it's classified as potentially unwanted.  Malwarebytes isn't saying that the software isn't good or shouldn't be used by anyone.  It's providing a rating based on community opinions and reviews and the criteria set forth by the Malwarebytes Research team in determining PUPs.  If you find it desirable/useful then that's fine, there's nothing wrong with that.  This is why the classification begins with the word Potentially, because it isn't outright malicious and you the user may have deliberately installed the software in question and therefore may decide to keep it.

With regards to Malwarebytes' detections, they aren't "errors" nor does it use that terminology anywhere in the interface or logs, they are detections or traces, each one being an installed trace or component of the item which is being detected such as folders, files, processes, modules, registry keys and registry values.  There are so many because Malwarebytes is thorough when it comes to detecting and removing items it targets, including PUPs.

So in your case, since you wish to keep the software in question all you need to do is click the lead checkbox on the upper left side of the column headers in the scan results window to uncheck all of the entries related to this software and then click the Next button.  Once the prompt is displayed asking how you wish for the unchecked items to be handled, click Ignore Always and they will be added to Malwarebytes exclusions list so that they will no longer be detected by scans or realtime protection.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
14 minutes ago, Bigwakex2 said:

so how is Malwarebytes saying that’s bad?

Driver Updates can damage your system at the point where a reinstall of Windows will be needed.

  • Drivers are "middlemen" between your OS (Windows) and your hardware (computer). They control and facilitate the interaction between Windows and hardware components, to deliver a "message", nothing more;
  • Having all of your drivers up to date, all the time, will not improve the performance of your system, nor your computer. You cannot increase the hardware performance of a component over the current capabilities it have;
  • Driver updates are released to fix a bug or an issue with a previous release of that driver. Not everyone with the same drivers will experience the issue, so if you are having no problems with the drivers you are running, you don't need to update them. "If it's not broken, don't fix it";
  • You can download drivers for free from your computer/laptop manufacturers website, or from the hardware component manufacturers website. You don't need to pay for any of them, if you are being asked to pay for drivers it is likely a scam;
  • Only drivers from the computer/laptop manufacturers website, or the hardware component manufacturers website are considered official (legitimate and working). You should not download drivers from anywhere else;
  • Driver Updaters are a scam, they try to convince you that you need these programs in order to make your system perform well, which is false;
  • It has been tested and proven that these programs will detect outdated drivers on a system that have the most updated drivers from the manufacturer, which shows that they don't work and/or they try to make you install "newer" suspicious drivers;
  • The goal of the distributors of such programs is to make money by making you buy their useless product, or install additional software (PUPs) when you install their program. Your system will perform worse with these programs installed than without;


This being said, such programs could be seen as "pure scam" and should be avoided at all cost.

Here's some articles that talks about Driver Updater programs and why they shouldn't be used:

Link to post
Share on other sites
Bigwakex2

Bigwakex2

Posted
Posted

So the 1000s of people that have posted 5 star reviews and say how much Driver Support helped them out are wrong? Driver Support gives great technical support too, they even fixed other problems on my computer that had nothing to do with drivers at NO additional cost!

Sounds more like Malwarebytes doesn’t like the business and has nothing todo with software. 

I feel Malwarebytes has made a big mistake by flagging Driver Support. Malwarebytes is now deleted from my computer.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Further information on how Malwarebytes determines whether an item is PUP and info on how to have an item reconsidered for re-classification may be found here.

I cannot speak for Malwarebytes' Research team on this matter as I do not know precisely why this particular software was classified as PUP, however the article on this page might offer some clues.

One last thing that I'm curious about.  Does this software you're defending charge for updating the drivers it detects on a system as being out of date?  I ask this because Malwarebytes always has and always will remove any threats (including actual dangerous malware, not just PUPs) that it detects in scanning a system for free without any limitations.

I can always track down the individual hardware component manufacturers for each device installed in my computer to download the latest drivers for all of them for free.  I cannot so easily remove (or even detect) any malware that might get into my system, so to me, what Malwarebytes is offering for free has far more value than what these driver updaters are trying to charge people for.

Link to post
Share on other sites
exile360

exile360

Posted
Posted (edited)

By the way, in addition to providing free support for their software to all (not just to paying customers, but also free users) here on the forums, they also provide free expert malware removal regardless of whether the person has purchased Malwarebytes Premium or not.  They have always gone well above and beyond, not only for their paying customers, but for all their users and the entire internet community as a whole.  It is for this reason that Malwarebytes has such a strong community and reputation for being a trusted organization by so many.

Edited by exile360
Link to post
Share on other sites
Bigwakex2

Bigwakex2

Posted
Posted

I’ll just go back to using Windows Defender that came for free with Windows 10, the only thing Malwarebytes picked up differently was Driver Support anyways.

I appreciate your points and I’m sure there are some bad driver update software out there. But I do need help with my computer from time to time because I’m not techical. Driver Support does cost money but it is more than a driver updater. It made my internet faster and it also comes with free unlimited tech support for any problems I have with my computer, not just their software. Well worth the money in my opinion. I’m sure they have already saved me a bunch of money and time not taking my computer into geek squad!

By the way, I just found this and I might try out one of the bigger guys. 

https://www.statista.com/statistics/271048/market-share-held-by-antivirus-vendors-for-windows-systems/

 

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Malwarebytes offers free tech support right here on their forums and it doesn't cost a thing.  They help with both malware and non malware related issues and there are other free resources on the web where similar free help can be found including the likes of BleepingComputer and MajorGeeks.

As far as the bigger guys go, you might want to take a look at this.  It provides info on live data from real world systems where Malwarebytes is installed alongside other AV software and shows where Malwarebytes has detected items missed by the AVs, and PUPs are not part of what's factored into the data so Malwarebytes' more aggressive stance on PUPs has no effect on the data.

Link to post
Share on other sites
Bigwakex2

Bigwakex2

Posted
Posted

Driver Supports tech support is over the phone and has walked me thru getting my sound and printer both working correctly. Way easier for me then searching the internet to find the answer when I don’t really understand the problem. I just know they didn’t work. 

I think I’ll be ok. I don’t download much. With it flagging something I’m happy with and having to click 100s of time to try to get Malwarebytes to ignore it, it doesn’t seem worth it to have. 

Link to post
Share on other sites
exile360

exile360

Posted
Posted (edited)

I'm not talking about searching for solutions online.  Malwarebytes provides one-on-one help here on the forums including detailed instructions on how to do things.  That's fine though, and totally understandable.  If you're happy with the software, the company and the services they're providing then there's no reason to lose them.

With regards to having Malwarebytes ignore it, it's a simple matter of only a few clicks, not thousands.  Just perform a Threat scan and once it is complete, click the uppermost checkbox in the column header just to the left of where it says Threat Type so that all items detected are unchecked, then click on the Next button.  A prompt dialog will then be displayed asking how you'd like Malwarebytes to handle all the unchecked items.  Click on the Ignore Always button and they will all be added to Malwarebytes' exclusions list so that they'll no longer be detected in future scans.  Alternatively, if you simply don't want Malwarebytes to detect any PUPs at all you can go to Settings>Protection and use the drop-down menu under Potentially Unwanted Programs (PUPs) under the Potential Threat Protection section to change the setting to Ignore Detections.  That will have Malwarebytes automatically refrain from detecting any items classified as PUP, including the driver updating software that you wish to keep.

Edited by exile360
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.