PUM.Optional.DisabledSecurityCenter

Short bio

This detection is for several potentially unwanted modifications (PUMs) in the Windows registry where the Windows Security Center service notifications are disabled. These changes are usually done by malware to suppress Windows from notifying the user that it has turned off specific security features in place, such as a firewall, on the affected system.

System modifications

The following registry value data are modified:

Under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

From:
UpdatesDisableNotify=0
FirewallDisableNotify=0
AntiVirusDisableNotify=0

To:
UpdatesDisableNotify=1
FirewallDisableNotify=1
AntiVirusDisableNotify=1

Under
HKEY_CURRENT_USER\Software\Microsoft\Security Center

From:
UpdatesDisableNotify=0
FirewallDisableNotify=0
AntiVirusDisableNotify=0

To:
UpdatesDisableNotify=1
FirewallDisableNotify=1
AntiVirusDisableNotify=1

Remediation

Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.

Also, we advise users to do a full system scan as PUM.Optional.DisabledSecurityCenter modifications could have been done by malware or PUP.

Add an exclusion

When PUM is detected on your computer, Malwarebytes for Windows does not know if it was authorized. Optimization software, malware, and Potentially Unwanted Programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted.

To have Malwarebytes for Windows ignore a PUM, you must add the PUM as an exclusion.

  1. Open Malwarebytes for Windows.
  2. Click Settings, then click the Protection tab.
  3. Scroll down to the bottom.
  4. Turn off Automatically quarantine detected malware.Turning this setting off prevents Malwarebytes for Windows from quarantining the PUM automatically.
  5. Go to the Dashboard, then click Scan Now.
  6. When the Threat Scan Results appear, uncheck the box next to the detected PUM you want to keep.
  7. Click Next.
  8. On the Remaining Items window, click Ignore Always to add the exclude the detected PUM(s).
  9. Turn on Automatically quarantine detected malware.To find this setting, click Settings > Protection.

When a PUM is excluded, Malwarebytes for Windows does not detect the PUM during scans or Real-Time Protection.

Related blog content

Malwarebytes for Windows detected a Potentially Unwanted Modification
How your business can avoid potentially unwanted programs