Jump to content

Recommended Posts

I have Norton 360 running on Windows 11.  (I also posted this on Norton's forum but just thought someone here might also know)

Today I had a phishing popup on Firefox browser, so I closed the browser and ran Norton full scan, it found nothing.

I then downloaded the free MB trial and ran Malwarebytes, it found these two issues,

-Scan Details-
Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7617, 676881, 1.0.83661, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7617, 676881, 1.0.83661, , ame, , ,

My question: Thinking maybe Norton 360 set these windows settings to OFF since Norton is now handling detections instead of Windows Security?

Otherwise ust curious why or how these Registry settings got set to OFF?

 

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Suspecting O&OShutup set the \MRT to not report, I changed these O&O Shutup settings
Under Local Machine tab
I unchecked->Disable App access to Diagnostic Info.
Under Current User Tab
I unchecked->Disable App access to Diagnostic Info.
--
Then in registry editor at,
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\MRT
 I cleared (deleted) the entry->DontReportInfectionInformation
 Leaving only the Default REQ_SZ  Value not set.

Also checked at,
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
 But it was already set only to Default
Then I ran another MBam scan and got zero issues no PUPs No PUMs.

To see if O&O Shutup was why ..\MRT was disabled, I ran O&O Shutup and again disabled app access to Diagnostic Info and then rebooted. But even after a reboot the aforesaid ..\MRT entry->DontReportInfectionInformation     setting did not appear again in Registry. So I really don't know what or how it got set OFF prior. Maybe by delaying an update?

In case I now have learned how to Add an exclusion as per,
https://www.malwarebytes.com/blog/detections/pum-optional(link is external)

However from what I read of MS's aggresive blocking of 3rd party apps in proposed updates of Win11, the O&O Shutup does have some validity in premise IF the new update of Windows will even allow it to run.

Link to post
Share on other sites

UPDATE: This appears to be a Windows Security setting, specifically the Reputation-based protection. This setting says it:
Protects your device from malicious or potentially unwanted apps. Turn on or off.

However in many cases it blocks apps the are OK and very useful especially as MS seems to be more leaning towards the S mode premise with proposded future updates along with advertisements that MS promotes.
Just my opinion.

Link to post
Share on other sites

There are many scripts and tools around that turn off any and all reporting to MS.This setting is there only to warn a user that it is off and most users who turn off all communication from Windows to MS would know they did it with "something" on purpose and can set it to ignore.

Others, however, who have no clue or wish to restrict communication to MS, need to take action as malware can set that just like the other software and scripts do to hide detection from MS.

This is what gets turned off.

image.thumb.png.96b03fedc2378e828914f6ef7d284366.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.