I need a solution
Hello Team,
We are continuosly seeing the alerts related to Downloader Dromedan attack activity blocked and the culprit service is regsvr32.exe which falls under the category of SONAR.SuspLaunch!g24 as reported by Symantec. Please assist so as to what steps should be followed:
| Windows 7 Professional Edition | SONAR.SuspLaunch!g24 Security Risk | 1 | 08/20/2018 09:16:43 | Default | c:\windows\system32\regsvr32.exe | SHA-256 890c1734ed1ef6b2 422a9b21d6205cf9 1e014add8a7f41aa 5a294fcf60631a7b |
| 08/18/2018 09:04:40 | Active Response disengaged | Windows 7 Enterprise Edition | Info and above | Other | Default | 1 | ||||||
| 08/18/2018 08:55:40 | Intrusion Prevention | Windows 7 Enterprise Edition | Critical | Inbound | Default | 1 | ||||||
| 08/18/2018 08:54:45 | Active Response | Windows 7 Enterprise Edition | Major and above | Inbound | Default | 1 |
0