This detection is for potentially unwanted modifications (PUMs) in the registry where the default Windows shell value, explorer.exe, is replaced with cmd.exe. This can be done by malware to hinder users in cleaning up their system.
The following registry value data are modified:
Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.
Also, we advise users to do a full system scan as PUM.Optional.CMDShell could have been added to the system by malware or PUP.
When PUM is detected on your computer, Malwarebytes for Windows does not know if it was authorized. Optimization software, malware, and Potentially Unwanted Programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted.
To have Malwarebytes for Windows ignore a PUM, you must add the PUM as an exclusion.
When a PUM is excluded, Malwarebytes for Windows does not detect the PUM during scans or Real-Time Protection.