Endpoint Protection (EP) and Endpoint Detection and Response (EDR) software detects Potentially Unwanted Programs (PUPs) and Potentially Unwanted Modifications (PUMs). PUPs and PUMs are not considered malicious, but they may have undesirable effects that we do not recommend.
What is the difference between a PUP and a PUM?
PUPs usually come in the form of toolbars, bundleware, bloatware, or similar programs that exhibit unwelcome behavior. PUPs can diminish an end user's experience, but they are not classified as malware. To see how a program is classified as a PUP, refer to the PUP Reconsideration Information.
PUMs are detected when specific modifications are made to the Windows Registry. Malware may modify the Windows registry to obfuscate its location and make remediation difficult. To ensure you have authorized these modifications, your our software alerts you whenever a PUM is detected.
Why am I seeing PUPs and PUMs?
If your users have permission to download toolbars, extensions, or other software, there's a high possibility your endpoints have PUPs and PUMs. Some PUPs and PUMs can be installed without administrator permissions; especially if you do not enforce permissions. To help decrease PUP and PUM detections, you may want to implement or revise the permissions on your endpoints.
Why is Nebula repeatedly detecting the same PUPs?
If Nebula does not remove a PUP completely, the PUP may restore itself, which can cause the PUP to continue appearing in your detections. PUPs are commonly found in browsers, which can make PUPs difficult to remove if your browser is synced across multiple devices. If your end user is logged into their browser, there's a chance the browser is syncing PUPs from their personal devices. Refer to Endpoint Protection keeps detecting the same PUP for more details.
Does Nebula remove PUPs and PUMs automatically?
EP and Incident Response removes PUPs and PUMs automatically. To configure how Nebula treats PUPs and PUMs, refer to Scan policy settings in Nebula.
Can I choose how Nebula treats PUPs and PUMs?
Yes, you can choose how you want Nebula to treat PUPs and PUMs on your endpoints. You can set Nebula to ignore PUPs and PUMs completely or decide what Nebula does when PUPs and PUMs are detected.
How do I stop Nebula from detecting a program I want to keep?
To prevent your Nebula software from detecting a program, add the program to the exclusions. If you need to exclude the PUP on all endpoints, you may want to consider adding a wildcard (*) in place of usernames or folders. For more information refer to Add exclusions in Nebula.
How do I stop Nebula from detecting a Group Policy registry key?
If your Nebula software has detected a PUM that you configured from your Group Policy, you can add the PUM to your exclusions. For instructions on excluding PUMs, see Group Policy registry keys detected as PUMs in Nebula