Issue
Nebula keeps detecting and removing the same Potentially Unwanted Program (PUP) from Google Chrome or Microsoft Edge repeatedly.
Cause
This may be caused by Google Chrome Sync or Microsoft Edge Sync replacing settings and entries after Nebula removes them.
Resolution
To resolve this issue, you must manually remove the PUP redetections. Review the detection path in Nebula to identify the impacted Windows user, the web browser, and corresponding Chrome or Edge profiles.
Remove browser extension
If the PUP detection shows a specific extension ID, the extension can be manually removed from the following locations:
- Chrome: chrome://extensions/
- Edge: edge://extensions/
Remove suspect domain
If the PUP detection does not refer to an extension ID, a suspect domain may be configured in the browser settings under these areas.
Google Chrome
- chrome://settings/searchEngines
- chrome://settings/onStartup
- chrome://settings/content/notifications
- chrome://settings/appearance
Microsoft Edge
- edge://settings/searchEngines
- edge://settings/startHomeNTP
- edge://settings/content/notifications
- edge://settings/appearance
Example
Below is an example detection with steps on how to manually identify and remediate the PUP.
- Go to the Quarantine page and click on the threat name to locate the Windows user, browser, browser profile, and scan ID.
- Click the Scan ID.
- Scroll to the bottom to locate all of the detections and detection IDs for this scan.
- Navigate to C:\ProgramData\Malwarebytes\MBAMService\ScanResults on the endpoint with the detection.
- Locate and open the .json file that corresponds with the scan date and time.
- Reviewing the file, we can see the precise suspect domain that is being detected.
- Sign into Windows as the end user, in this case, Noah.
- Open Google Chrome and switch to the corresponding Chrome Profile.
- Navigate to the areas indicated above and review for the suspect domain.
- In this example, the suspect domain is located under chrome://settings/onStartup. Remove the domain.
If you need assistance with a PUP, contact Support.