Manual Chapter :
Customizing Web-RootKit detection
Applies To:
Show Versions
BIG-IP FPS
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Customizing Web-RootKit detection
The Web-RootKit detection malware check is performed only on URLs where this malware
check is enabled.
The BIG-IP system checks a default list of functions for
tampering when it performs the Web-Rootkit detection malware check. Customize
Web-RootKit detection if you want to add or remove functions from this default
list.
- On the Main tab, click .The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, click .
- ClickAdvancedin the Malware Detection area of the screen.
- In theWeb-RootKit Detection for these additional functionsfield, add names of functions that you want the system to check for tampering when the Web-RootKit detection malware check is performed.The added functions must be native browser functions and must include the full path. For example, to add the functionaddEventListener, typedocument.addEventListener.
- In theIgnore Web-RootKit Detection for these functionsfield, add names of functions that you want the system to ignore when the Web-RootKit detection malware check is performed.The functions you add in this field must be functions that appear on the default list of functions. The system will check these functions for tampering if they are not listed here.
- ClickSave.The anti-fraud profile is updated with the changes you made.
