Are PUAs reported as threats in Threat history information API endpoint?

  • 21 February 2017
  • 1 reply
  • 38 views

We're running some tests here at Helix, and I've noted something strange today. For some reason a device with PUAs does not return any threats listed when I make a call to the Threat History endpoint. Is this intended or a bug?
edit: Even though the PUAs are shown in the Threat History tab in the webrootanywhere dashboard. 

Hi @,
 
PUAs should be listed by the threat history module in the same manner as any other threat. Here is an example:

"FileName": "MOVIEMODE.48CA2AEFA22D.2.6.78.DLL",
"PathName": "%windir%\system32\",
"MalwareGroup": "Pua.Gen",
"FirstSeen": "2017-03-06T16:52:01Z",
"LastSeen": "2017-03-06T17:32:25Z",
"ExtendedInfo": null
 
I would double check the date and time the PUA you are looking for was detected, and make sure that the threat history request you are sending encompasses that first seen date. As a side note, the threat history module in the Unity API covers up to three months back from your request epoch.
 
Best regards,
Joseph R.

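The check suggested in the reply, as an added example (not code from this thread or from Webroot): given records with the fields shown above, it reports whether a request window would include a PUA's FirstSeen. The function names, the 90-day approximation of "three months", the "Pua." prefix test and the second sample record are assumptions; no API call is made.

```python
from datetime import datetime, timedelta, timezone

# Assumption: "three months" is approximated as 90 days.
LOOKBACK = timedelta(days=90)

def parse_ts(value):
    """Parse the UTC timestamp format shown in the reply, e.g. 2017-03-06T16:52:01Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def is_pua(record):
    # Assumption: PUA groups share the "Pua." prefix seen in the reply's "Pua.Gen".
    return (record.get("MalwareGroup") or "").lower().startswith("pua.")

def coverage(record, start, end, request_time):
    """Say whether a request window would include this record's FirstSeen."""
    for t in (start, end, request_time):
        if t.tzinfo is None:
            raise ValueError("use timezone-aware datetimes; record times are UTC")
    first_seen = parse_ts(record["FirstSeen"])
    if first_seen < request_time - LOOKBACK:
        return "older than lookback"
    if first_seen < start:
        return "before window start"
    if first_seen > end:
        return "after window end"
    return "covered"

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed sample: the PUA record from the reply plus one made-up non-PUA record.
RECORDS = [
    {"FileName": "MOVIEMODE.48CA2AEFA22D.2.6.78.DLL", "MalwareGroup": "Pua.Gen",
     "FirstSeen": "2017-03-06T16:52:01Z", "LastSeen": "2017-03-06T17:32:25Z"},
    {"FileName": "SAMPLE.EXE", "MalwareGroup": "Example.Group",
     "FirstSeen": "2017-03-07T09:00:00Z", "LastSeen": "2017-03-07T09:00:00Z"},
]

if __name__ == "__main__":
    # Three constructed request windows tried against each PUA record.
    windows = [
        (utc(2017, 3, 7), utc(2017, 3, 8), utc(2017, 3, 8)),
        (utc(2017, 3, 1), utc(2017, 3, 8), utc(2017, 3, 8)),
        (utc(2017, 1, 1), utc(2017, 7, 1), utc(2017, 7, 1)),
    ]
    for rec in filter(is_pua, RECORDS):
        for start, end, now in windows:
            print(rec["FileName"], start.date(), end.date(), coverage(rec, start, end, now))
```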