Forum Discussion

Altostratus

Jul 12, 2024

Windows PowerShell "cp" execution attempt (Parameter)

Hello everyone. In a security policy I am alarmed by an attack signature due to the detection of "cp", this identifies it as a command, however, it is part of the character string that is used to fil...

security

AARM00502

Altostratus

So there is no signature that can be used to avoid leaving that area uncovered? That is to say, so that the execution of malicious commands is not allowed, without this macho with some other string of characters.

zamroni777

Nacreous

Jul 25, 2024

waf config needs to involve application team.
if they can ensure that those input data will not be executed in windows powershell, then you can unblock that particular filter.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Windows PowerShell "cp" execution attempt (Parameter)

Recent Discussions

VIP needed for many UDP ports

Creating Policy using Terraform

Unable to get Internet in server using SWG forward Proxy.

ASM don't block attack XSS

AWAF ADD-ON MODULE

Related Content

F5 Automation with PowerShell - Part 1

Microsoft Powershell with iControl

F5 Automation with PowerShell - Part 2

F5 Automation with PowerShell - Part 4

F5 Automation with PowerShell - Part 3

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS