We're running some tests here at Helix, and I've noted something strange today. For some reason a device with PUAs does not return any threats listed when I make a call to the Threat History endpoint. Is this intended or a bug?
edit: Even though the PUAs are shown in the Threat History tab in the webrootanywhere dashboard.
+9Hi @ ,
PUAs should be listed by the threat history module in the same manner as any other threat. Here is an example:
"FileName": "MOVIEMODE.48CA2AEFA22D.2.6.78.DLL",
"PathName": "%windir%\system32\",
"MalwareGroup": "Pua.Gen",
"FirstSeen": "2017-03-06T16:52:01Z",
"LastSeen": "2017-03-06T17:32:25Z",
"ExtendedInfo": null
I would double check the date and time the PUA you are looking for was detected, and make sure that the threat history request you are sending encompasses that first seen date. As a side note, the threat history module in the Unity API covers up to three months back from your request epoch.
Best regards,
Joseph R.
PUAs should be listed by the threat history module in the same manner as any other threat. Here is an example:
"FileName": "MOVIEMODE.48CA2AEFA22D.2.6.78.DLL",
"PathName": "%windir%\system32\",
"MalwareGroup": "Pua.Gen",
"FirstSeen": "2017-03-06T16:52:01Z",
"LastSeen": "2017-03-06T17:32:25Z",
"ExtendedInfo": null
I would double check the date and time the PUA you are looking for was detected, and make sure that the threat history request you are sending encompasses that first seen date. As a side note, the threat history module in the Unity API covers up to three months back from your request epoch.
Best regards,
Joseph R.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.