Jump to content

PUP.Optional.ForcedExtensions detected for Ecosia extn in Microsoft Edge??

mj_tay

By mj_tay
in File Detections

 Share

Recommended Posts

mj_tay

mj_tay

Posted
Posted

Hi all,

Every time Malwarebytes runs a scan it reports 44 "threats", all of which are PUP.Optional.ForcedExtension, e.g.

Registry Value: 3
PUP.Optional.ForcedExtension, HKU\<removed>\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|<removed>, No Action By User, 267, 980953, , , , , , 
(I've removed the gobbledygook keys in case it's not secure to include them on a forum.)

and

PUP.Optional.ForcedExtension, C:\USERS\<user>\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Extension Settings\<removed>, No Action By User, 267, 980953, , , , , , 
 

The only extensions I use are Ecosia Search and Malwarebytes Browser Guard.  The first time I saw these threats I clicked on Quarantine, and next time I used Edge the Ecosia extension had gone, so I suspect it's to do with that.

Am I correct in my deduction?

Is it safe to ignore them?

How can I get Malwarebytes to ignore these potential threats so that I can immediately see any other threats that it detects?  I don't want to have to read through a list of 44 detected threats every time!

Thanks for your help.

 

 

 

 

Link to post
Share on other sites
1PW

1PW

Posted
Posted

Hello @mj_tay and :welcome::

The forum experts would need to analyze logs before taking action:

  1. Download the Malwarebytes Support Tool.
  2. In the Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control pop-up window, click Yes to continue the installation.
    • Microsoft .NET 4.0 Framework is required to run the Support Tool on your computer. If you do not have a .NET 4.0 Framework, you will receive the following error while running the tool:
      DOC-2395-2.png
      • In the .NET 4.0 Framework not found pop-up window, click OK to open Microsoft's download page and download the latest .NET Framework components.
  4. In the Malwarebytes Software License Agreement pop-up window, check the box ( mceclip0.png ) next to Accept License Agreement after consenting to the agreement terms.
  5. Click Next to complete the installation. The Malwarebytes Support Tool automatically opens.
  6. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  7. In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  8. In the Gather Logs confirmation pop-up window, click OK. A zip file appears on your desktop.
    DOC-2396-7.png
    An email will be sent to you for the next steps.
  9. Reply to this topic and attach the above archive for an analysis to begin.
  10. Close the Malwarebytes Support Tool.

Thank you.

Link to post
Share on other sites
mj_tay

mj_tay

Posted
  • Author
Posted
5 minutes ago, miekiemoes said:

Hi,

If you are indeed using this ecosia search and have it willingly installed, then you can add an exclusion for this detection.

We detect as a PUP.Optional, so a Potential Unwanted Program. In this case, Ecosia is often installed forced without user knowledge, hence the detection. 

Thanks for the reply.  I saw there was an option to add an item to the Allow List, but it only gives me the options to allow a file/folder, website, application to connect to the internet, or a previously detected exploit.

Could you please explain how I add a particular browser extension?

Thanks

 

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

In your case, you can add the folder there under C:\USERS\<user>\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Extension Settings\<removed> <== this folder with the gobbledygook keys

That should have effect on the rest as well. Basically it's for this folder (and other folders it detects, as you didn't post the entire log) :)

Link to post
Share on other sites
mj_tay

mj_tay

Posted
  • Author
Posted
39 minutes ago, miekiemoes said:

Hi,

In your case, you can add the folder there under C:\USERS\<user>\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Extension Settings\<removed> <== this folder with the gobbledygook keys

That should have effect on the rest as well. Basically it's for this folder (and other folders it detects, as you didn't post the entire log) :)

Thanks - I've added all the folders that were detected, and I'll see what happens next time Malwarebytes runs.

Thanks for your help.

 

Link to post
Share on other sites
mj_tay

mj_tay

Posted
  • Author
Posted
20 hours ago, mj_tay said:

Thanks - I've added all the folders that were detected, and I'll see what happens next time Malwarebytes runs.

Thanks for your help.

 

Update - having added these folders, Malwarebytes now reports that no threats were detected.

Thanks for your help.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.