Forum Discussion

Altostratus

Jul 12, 2024

Windows PowerShell "cp" execution attempt (Parameter)

Hello everyone. In a security policy I am alarmed by an attack signature due to the detection of "cp", this identifies it as a command, however, it is part of the character string that is used to fil...

security

zamroni777

Nacreous

Jul 16, 2024

ensure that you select correct server tech entries in the asm profile, e.g. dont include windows if the webserver is not windows based.
if above is correctly done but you still get false positive then you need to allow that particular traffic.

i had similar thing on waf config for car dealership.
there were sql injection false positives because of many "select" in the submited web forms.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Windows PowerShell "cp" execution attempt (Parameter)

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

F5 Automation with PowerShell - Part 1

Microsoft Powershell with iControl

F5 Automation with PowerShell - Part 2

F5 Automation with PowerShell - Part 4

F5 Automation with PowerShell - Part 3

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS