Forum Discussion

Altostratus

Jul 12, 2024

Windows PowerShell "cp" execution attempt (Parameter)

Hello everyone. In a security policy I am alarmed by an attack signature due to the detection of "cp", this identifies it as a command, however, it is part of the character string that is used to fil...

security

AARM00502

Altostratus

So there is no signature that can be used to avoid leaving that area uncovered? That is to say, so that the execution of malicious commands is not allowed, without this macho with some other string of characters.

zamroni777

Nacreous

Jul 25, 2024

waf config needs to involve application team.
if they can ensure that those input data will not be executed in windows powershell, then you can unblock that particular filter.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Windows PowerShell "cp" execution attempt (Parameter)

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 Automation with PowerShell - Part 1

Microsoft Powershell with iControl

F5 Automation with PowerShell - Part 2

F5 Automation with PowerShell - Part 4

F5 Automation with PowerShell - Part 3

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS