BleepingComputer.com: What is this that malwarebytes found?

I downloaded and installed Malwarebytes, and after it ran its scan, right at the end it found this.

PUM.Disabled.SecurityCenter in the Registry Data.

Our computer has never been infected by malware, there was a site that tried to be ESET NOD32 terminated the attempt. There have also been no indications of infection. Does this mean that the computer is infected or is it a false positive?

Our Antivirus is Nod32 version 4

Thanks

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0)

The Disabled.SecurityCenter entries do not necessarily mean malware. They are registry keys that can be:

• Disabled by malware to prevent notification that your protection has been disabled
  
• Disabled intentionally by the user.
  
• Disabled by other security programs to prevent conflicts, duplicate warnings and allow them to have control.

Quote

Quote

explanation by Malwarebytes Staff

It is not uncommon for security programs (as well as malware) to disable these keys and other security tools like Malwarebytes to detect and let you know they have been disabled. So if a scan is showing these entries and there are no other signs of infection, then it's likely that you or one of your security program has disabled them. If that's the case, then adding them to Malwarebytes's Ignore list (by right-clicking) will prevent the detections from showing in future scans. If you are experiencing symptoms of malware, do not use other security programs and did not disable them yourself, then further investigation is warranted as there is no way to specifically tell how or by what something became disabled.

Usually when your machine is infected with malware, you will experience other signs and symptoms (pop-up alerts, slow computer, poor performance, browser redirects, etc) that indicate something is wrong.

quietman7, on 12 April 2011 - 08:09 AM, said:

Yes, although there has been no signs of malware infection. Computer is fast, no pop-ups, no alerts, Nod32 has been running normally. The only weird infection we have had, which I am not sure if it is a false positive or not, is this autorun.inf infection. I think it has been fixed, but it was strange that it even was detected. Malwarebytes found this:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Security Center/UpdatesDisableNotify

No other things were detected, only one instance of this, so I am unsure of what to think about it, as I don't know if eset configured Security Centre, or some button was pressed to disable updates.

The explanation for the HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Security Center/UpdatesDisableNotify key is essentially the same as the above.

There are four automatic update settings options available
• Automatic (recommended).
• Download updates for me, but let me choose when to install them.
• Notify me but don't automatically download or install them.
• Turn off Automatic Updates.

How to change your Automatic Updates settings by using Windows Security Center

The fourth option, which I prefer, permits full control when to download and install any updates.

Quote

Thanks for the posting tip. Just wondering if I need to be worried about that PUM thing.... Don't know if it is of serious concern or something I should just watch out for in the future. Could there be any other reason for its deactivation if there is no malware present on the computer?

Thanks

The Disabled.SecurityCenter entries are registry keys that can be:

• Disabled by malware to prevent notification that your protection has been disabled
  
• Disabled intentionally by the user.
  
• Disabled by other security programs (i.e Anti-virus) to prevent conflicts, duplicate warnings and allow them to manage control of the Security Center.

Is there a way that I can find out if Nod32 disabled the windows updates for some reason, or any way that I can see if I might have done something? I usually manually install the updates as the time was set to automatically check for updates at 3am. Nothing was updated as no one uses the computer at 3 am. I recently changed it to 5pm so it will work now, but are there any other signs I can look out for to discover whether it was malware or my own doing?

Thank you

NOD32 manages the Security Center by default and provides an orange alert icon when Windows updates are available. See these ESET Knowledgebase articles:

• How do I disable my ESET security product from notifying me about Windows updates?
  
• Why does the Protection status icon change color and what does each color mean?

This post has been edited by quietman7: 17 April 2011 - 04:30 PM

Thank you, I don't think I have anything big to worry about then. Thank you for your time and effort and all the links you provided. It was really helpful.

You're welcome.