Forum Discussion
AARM00502
Jul 12, 2024Altostratus
Windows PowerShell "cp" execution attempt (Parameter)
Hello everyone. In a security policy I am alarmed by an attack signature due to the detection of "cp", this identifies it as a command, however, it is part of the character string that is used to fil...
AARM00502
Altostratus
So there is no signature that can be used to avoid leaving that area uncovered? That is to say, so that the execution of malicious commands is not allowed, without this macho with some other string of characters.
zamroni777
Jul 25, 2024Nacreous
waf config needs to involve application team.
if they can ensure that those input data will not be executed in windows powershell, then you can unblock that particular filter.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects