Hi all,
This week Symantec client detected a possible PAU.Jscoinminer attack, of course the *.htm file detected was placed on quarantine. And we thougt that it did not infect the PC. And cheking regedit values we saw and strange entry on this path:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\4294908528
That entry has information related to PAU.JScoinminer virus. Our doubt is, why symantec client add an entry about that virus?, or is not client? .
S.O: Windows 10 64bits.
SEP: 12.1.6
We attached a JPG file of that entry.
Thanks in advanced.