PUP detections: Can you provide MORE info besides a generic link?


mgonzales

Obviously a PUP is not clearly malware, virus, trojan or any real defined threat beyond ambiguous.

But would it be so hard to provide more info / a DB or somewhere to look up the reasons for the classification?

For instance:

  PUP.Optional.RegOrganizer

What does this mean?

All we get is:

This is not really any use to the end user to determine if they wish to act on the warning or not.

Please take the time to start explaining your reasons for PUP.

 

Thank you!

 


Greetings,

You may find the information found here as well as here and in this article to be helpful, at least regarding this specific detection.  While the Researchers have added details on many detections in the Malwarebytes database to the online threat database, they have not had the time or resources to add them all.

For any other PUP detection it can be useful to familiarize yourself with the criteria Malwarebytes uses for determining when something is PUP, which can be found here. You can also deduce common patterns with regard to various types of software that might be targeted as PUP by Malwarebytes by searching the term "PUP" in their online threat database found here. Oftentimes the vendor names alone will be sufficient to clue you in as to the purpose of detection for other similar apps (for example, PUP.Optional.PCOptimizerPro, PUP.Optional.CosmosSystemCare, PUP.Optional.SuperCleanup, PUP.Optional.DriverPack, PUP.Optional.DriverToolkit, PUP.Optional.SlimCleanerPlus, PUP.Optional.PerfectRegistry, PUP.Optional.GlobalSystemMechanic, PUP.Optional.DriverSupport, PUP.Optional.DriverTuner, PUP.Optional.DriverUpdate; as you can likely deduce, driver updaters and registry cleaners/optimizers are frequently detected as PUP).

As for the logic behind detecting these types of applications, a bit of info from outside Malwarebytes:

https://decentsecurity.com/#/registry-cleaners/
https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities
https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/
https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/
https://lifehacker.com/5482701/whats-the-registry-should-i-clean-it-and-whats-the-point
https://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths
http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html

There are many such tools out there, yet if you investigate you'll find that the vast majority are made by companies who have a lot in common with one another and don't share space with prominent first tier software or security tool vendors (the likes of most of those listed on VirusTotal for example or mentioned frequently by the likes of Gartner in their quarterly reports about the status of the various areas of the security industry).  When you look into many of them you will find that they are small marketing machines relying more on things like SEO and aggressive affiliate sales, aggressive and/or deceptive advertising practices (and often bundled installers with other more reputable/desirable apps) to generate downloads/sales and outside of their own sites and those of paid affiliates, you seldom find many (if any) actual users singing their praises (for example on tech forums and tech sites like WildersSecurity, BleepingComputer, TomsHardware, MajorGeeks, LifeHacker, Microsoft Technet etc.).  In fact, usually the only sites where you might find anything positive said about such tools are sites where they are incentivized to generate downloads and/or sales of said tools/products (again, like affiliates and the like where they gain profit by convincing you to download/install/purchase said tool).  On the other hand, you'll frequently find large numbers of individuals naming specific tools/utilities/apps that they hold in high regard or that they recommend across all these sites/forums even though they have nothing to gain in doing so.  Likewise, you'll frequently find tools like driver updaters, registry cleaners and system performance optimizers decried as snake oil and the like by both tech folk and individuals and frequent recommendations against their use or at the very least proclamations that they are of little or no real value to improving the working status or performance of a PC.

In fact, to date I know of no independent testing performed by anyone that showed that any of these kinds of tools have ever done anything to improve the performance of a system in any measurable way, be it system boot time, application loading time, internet download/upload speed or any other performance metric that can be objectively measured.  Considering that these types of utilities have existed for decades and yet no such data exists, I believe that says something about the incredible claims made by most of these vendors producing these kinds of "tools".  With regard to "fixing" PCs, again, I've never seen any evidence where someone had an actual issue that was fixed by running one of these utilities.  I have seen actual specific repairs and tools designed to correct specific issues do so, but never any of these general "error fixing", "system optimizing", "registry curing" utilities being so aggressively advertised which make such claims.  I'll give you an example.  If you take a look at Tweaking.com's Windows Repair or even their Simple/Advanced System Tweaker utility, all of them contain tons of actual specific fixes/tweaks which are known to serve specific functions and purposes.  They do not simply attempt to "scan" the entire registry and search for "errors" and then claim to fix them (when in fact, what those other apps are doing is simply looking for orphaned registry values which point to files no longer on disk, something that serves no real purpose for fixing any actual PC/OS issues).  They have specific fixes for specific issues and specific tweaks with specific functions.  I am not advocating their use, so don't misinterpret this as some kind of endorsement, but what I am saying is that they have created tools that have compiled specific known functions into a single application rather than putting together a simple scanner and claiming it to be a fix-all solution for every PC problem under the sun.  
If Microsoft themselves are not able to create such an application when it is their code that the operating system runs on, how can all of these other vendors have done so?  I am skeptical to say the least.

It is your system and what you choose to run on it or not is your business, so if you do not agree with my assessment that's fine, I won't argue.  However, the reason these kinds of apps are detected as PUP by Malwarebytes I believe has been made clear.  If you disagree, then simply perform a Threat scan with Malwarebytes, click the checkbox at the very top of the scan results screen to clear all of the checkboxes in the list and click Next, then when prompted on how to handle the remaining/unchecked items, click Ignore Always and they will be added to your Exclusions in Malwarebytes so that they are no longer detected.
