PUM.Optional.DisableRegistryTools

Short Bio

This is the detection for a potentially unwanted modification (PUM) on the registry that prevents the user from accessing the standard Windows registry tools. For example, when users are trying to run regedit, they will get the error message, “Registry editing has been disabled by your administrator.”

System Modifications

The following registry value data are modified:

Under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\System

From:
DisableRegistryTools=0

To:
DisableRegistryTools=1

Under
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\System

From:
DisableRegistryTools=0

To:
DisableRegistryTools=1

Remediation

Malwarebytes can modify this registry value data back to its Windows default setting without user interaction.

Also, we advise users to do a full system scan as PUM.Optional.DisableRegistryTools could have been added to the system by malware or a PUP.

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language