Endpoint Protection Small Business Edition

  • 1.  Clients getting repeated attacks malware from MindSpark - why isn't Symantec stopping Trojan.Gen.ML

    Posted Apr 08, 2016 09:04 AM

    I've had one of my RMM clients get repeated attacks from MindSpark, with Malwarebytes cleaning up over 400 components in a shot.

    I thought MBAM was supposed to keep the system protected, but the NOC tells me that this is being caused by a worm, specifically Trojan.Gen.ML.

    According to the article they provided (http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm_lineage.ju), Symantec is supposed to stop/block it, but that has not been the case.

    I've gone back through my email for the past 12 months as well as various Partner Management Console reports and cannot find any evidence of having received an alert for this particular event. In fact, the only alert for this computer was this one:

    Incident Date           Status    IPS Alert Name                                      Attack Signature
    11/11/2015 2:20:34 PM   Blocked   Web Attack : Malicious Website Script Redirect 16   N/A

    So I am wondering if anyone knows why this got through?

    FWIW:  It turns out that Junkware Removal Tool (JRT.exe), also from Malwarebytes, did perform a thorough cleaning...



  • 2.  RE: Clients getting repeated attacks malware from MindSpark - why isn't Symantec stopping Trojan.Gen.ML

    Posted Apr 08, 2016 09:08 AM

    Do you have a sample you can submit to them?



  • 3.  RE: Clients getting repeated attacks malware from MindSpark - why isn't Symantec stopping Trojan.Gen.ML

    Posted Apr 08, 2016 10:41 AM

    No, that's just it.  I can't find anything that might have been the cause.

    Certainly not anything that Symantec captured in a quarantine.

    The JRT merely deleted the inappropriate registry entries and four Temporary Internet Files folders to (I hope) prevent recurrence.




  • 4.  RE: Clients getting repeated attacks malware from MindSpark - why isn't Symantec stopping Trojan.Gen.ML

    Posted Apr 08, 2016 10:43 AM

    Being that it's a 'Web Attack', it usually just means a user is hitting (unknowingly) a malicious URL. They could be on a legit site and there are ads on that site attempting to redirect to malicious sites.