Forum Discussion

Altostratus

Jul 12, 2024

Windows PowerShell "cp" execution attempt (Parameter)

Hello everyone. In a security policy I am alarmed by an attack signature due to the detection of "cp", this identifies it as a command, however, it is part of the character string that is used to fil...

security

zamroni777

Nacreous

Jul 16, 2024

ensure that you select correct server tech entries in the asm profile, e.g. dont include windows if the webserver is not windows based.
if above is correctly done but you still get false positive then you need to allow that particular traffic.

i had similar thing on waf config for car dealership.
there were sql injection false positives because of many "select" in the submited web forms.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Windows PowerShell "cp" execution attempt (Parameter)

Recent Discussions

VIP needed for many UDP ports

Creating Policy using Terraform

Unable to get Internet in server using SWG forward Proxy.

ASM don't block attack XSS

AWAF ADD-ON MODULE

Related Content

F5 Automation with PowerShell - Part 1

Microsoft Powershell with iControl

F5 Automation with PowerShell - Part 2

F5 Automation with PowerShell - Part 4

F5 Automation with PowerShell - Part 3

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS