Manual Chapter : Customizing Web-RootKit detection

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Customizing Web-RootKit detection

The Web-RootKit detection malware check is performed only on URLs where this malware check is enabled.
The BIG-IP system checks a default list of functions for tampering when it performs the Web-Rootkit detection malware check. Customize Web-RootKit detection if you want to add or remove functions from this default list.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    Malware Detection
    General Settings
    .
  4. Click
    Advanced
    in the Malware Detection area of the screen.
  5. In the
    Web-RootKit Detection for these additional functions
    field, add names of functions that you want the system to check for tampering when the Web-RootKit detection malware check is performed.
    The added functions must be native browser functions and must include the full path. For example, to add the function
    addEventListener
    , type
    document.addEventListener
    .
  6. In the
    Ignore Web-RootKit Detection for these functions
    field, add names of functions that you want the system to ignore when the Web-RootKit detection malware check is performed.
    The functions you add in this field must be functions that appear on the default list of functions. The system will check these functions for tampering if they are not listed here.
  7. Click
    Save
    .
    The anti-fraud profile is updated with the changes you made.