Manual Chapter : Defining general settings for a user-defined malware type

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Defining general settings for a user-defined malware type

To apply FPS malware detection to a user-defined malware type, you must first define general settings for the user-defined malware type.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Profile Configuration area, click
    Malware Detection
    Malware List
    .
    The list of user-defined malware types is displayed.
    The list of default malware types that FPS checks for is not displayed in the Malware List.
  4. Click
    Add
    .
    The Create New Malware screen opens.
  5. In the General Settings area, in the
    Malware Name
    field type a name for the malware.
    You cannot create the malware type if you did not assign a name to the malware.
  6. In the
    Ignore predefined forbidden words
    field, add words from the list that you want the BIG-IP system to ignore if they appear in the web application's HTML or JavaScript code.
    This list is used to prevent false-positive alerts caused by the BIG-IP system's default list of forbidden words.
  7. In the
    Search for malicious function name patterns in AJAX requests
    field, add names of malicious function patterns that the FPS JavaScript will search for in AJAX requests.
    If the FPS JavaScript finds a name in an AJAX request from the client's web browser, an alert is generated.
  8. In the
    Match these URL patterns in AJAX requests and external scripts
    field, add URL patterns that the FPS JavaScript will search for in AJAX requests and external scripts on the HTML code of the web page.
    If the FPS JavaScript finds a URL pattern in an AJAX request or external script, an alert is generated.
  9. Click
    Create
    .
The system creates the malware type with the general settings that you defined.