Endpoint Protection

  • 1.  [SID: 30341] Audit: PUA.JSCoinminer Download 2 attack detected but not blocked.

    Posted Oct 10, 2017 04:39 AM

    Hi team,

    We see the detection below. What is the solution from Symantec for this?

    [SID: 30341] Audit: PUA.JSCoinminer Download 2 attack detected but not blocked. Application path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE



  • 2.  RE: [SID: 30341] Audit: PUA.JSCoinminer Download 2 attack detected but not blocked.

    Posted Oct 10, 2017 05:50 AM

    You can set the signature to block.

    Did you run a full scan? Did you try Norton Bootable Recovery?

    https://security.symantec.com/nbrt/nbrt.aspx



  • 3.  RE: [SID: 30341] Audit: PUA.JSCoinminer Download 2 attack detected but not blocked.

    Posted Nov 10, 2017 09:15 AM

    Hi Simpi,

    Thanks for the post.  I am assuming that you have configured the IPS policy to "block" for that signature? (IPS Audit signatures are intended to alert admins about the presence of questionable traffic only.  They do not block by default.)

    If you have changed the policy to block and it still does not block, are you running SEP 12.1 by any chance?  This article may be at the root of your trouble:

    Intrusion Prevention exceptions may not work in Endpoint Protection versions 12.1.x using CIDS 16.1.4
    http://www.symantec.com/docs/TECH248000