Forum Discussion

Altostratus

Jul 12, 2024

Windows PowerShell "cp" execution attempt (Parameter)

Hello everyone. In a security policy I am alarmed by an attack signature due to the detection of "cp", this identifies it as a command, however, it is part of the character string that is used to fil...

security

unblock

zamroni777

MVP

Jul 16, 2024

ensure that you select correct server tech entries in the asm profile, e.g. dont include windows if the webserver is not windows based.
if above is correctly done but you still get false positive then you need to allow that particular traffic.

i had similar thing on waf config for car dealership.
there were sql injection false positives because of many "select" in the submited web forms.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Windows PowerShell "cp" execution attempt (Parameter)

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Dump all host running services during APM logon

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

HA Failover between two Datacenters

Related Content

Microsoft Powershell with iControl

F5 Automation with PowerShell - Part 1

F5 Automation with PowerShell - Part 2

PowerShell module for the F5 LTM REST API

F5 Automation with PowerShell - Part 4

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS