I need a solution
Hello,
We are getting notification at regularly:
| Occurrence: | 1 |
| Signature Name: | System Infected: W97M.Downloader Activity 24 |
| Signature ID: | 29742 |
| Signature Sub ID: | 73736 |
| Intrusion URL: | update-kernal.net/update-index.aspx?req=69210945%5Cdwn&m=d |
| Intrusion Payload URL: | N/A |
| Event Description: | [SID: 29742] System Infected: W97M.Downloader Activity 24 attack blocked. Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE |
| Event Type: | Intrusion Prevention |
| Hack Type: | 0 |
| Severity: | Critical |
| Application Name: | C:/WINDOWS/SYSTEM32/WINDOWSPOWERSHELL/V1.0/POWERSHELL.EXE |
| Network Protocol: | TCP |
| Traffic Direction: | Inbound |
| Remote IP: | 52.213.114.86 |
after every 2 mint symantec detect the same.
kindly advice how to get rid of this situation.
We also block remote IP at internet firewall, and url at proxy, but still getting the notification.
0