Manual Chapter :
Configuring malware detection on a URL or view
Applies To:
Show VersionsBIG-IP FPS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Configuring malware detection on a URL or view
Configure malware detection on a URL
or view in the anti-fraud profile to apply FPS malware detection on the web page of the
URL or view, and to create and send an alert to the FPS Dashboard if malware is
detected.
- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickURL List.The URL List opens.
- Click the URL or view on which you want to configure malware detection (or clickAdd URLorAdd Viewif you want to define a new URL or view with malware detection).The URL Properties (or View Properties) screen opens.
- In the URL Configuration (or View Configuration) area, selectMalware Detection.The Malware Detection configuration options appear.
- Ensure that theEnabledcheck box forMalware Detectionis selected.
- Select theEnabledcheck box forAttach HTML to Alertsif you want the system to attach HTML information on the web page to alerts.
- ClickAdvanced.
- Select theEnabledcheck box forGeneric Malware Detectionif you want the system to apply detection of generic malware on the web page of the URL or view using honeypots.
- Select theEnabledcheck box forExternal URL Injection Detectionif you want the system to detect malicious scripts injected from domains that are not in the domains whitelist.The domains whitelist is configured in theAllow URLs from these external domainssetting of the Malware Detection area in the Anti-Fraud Profile Properties screen.
- Select theEnabledcheck box forCheck Client Network Connectionif you want the system to check that the client's network connectivity is not blocked by malware when the client opens the web page.
- Select theEnabledcheck box forRAT Detectionif you want the system to check for Remote Access Trojans (RATs) on the web page.
- Select theEnabledcheck box forVBKlip Detectionif you want the system to check for VBKlip malware on the web page.
- Select theEnabledcheck box forWeb-RootKit Detectionif you want the system to check for Web-RootKit malware on the web page.
- Select theEnabledcheck box forDynamic Script Removal Detectionif you want the system to check at run-time for self-removing malicious JavaScript that runs on the web page before the FPS JavaScript is executed.
- Select theEnabledcheck box forStatic Script Removal Detectionif you want the system to check for self-removing malicious JavaScript in the HTML that runs on the web page before the FPS JavaScript is executed.
- Select theEnabledcheck box forSame-Domain Scripts Validationif you want the system to check that JavaScript that belongs to the domain of the web page has not been changed.
- Select theEnabledcheck box forPassword Exfiltration Detectionif you want the system to detect attempts to steal the user's password in the web browser.An alert is triggered if such an attempt is detected.For this detection to be active, your URL must have a parameter set asIdentify as Usernameand at least one parameter set asSubstitute Value.
- Select theEnabledcheck box forDeferred Execution Detectionif you want the system to check for deferred execution attacks on the web page.
- Select theEnabledcheck box forBlocked Enter Key Detectionif you want the system to check for malware that blocks the user from pressing the Enter key on the web page.
- Select theEnabledcheck box forMandatory Wordsif you want the system to search the web page for words that must appear and may not be changed.Enabling this setting displays theWords that must be included in the pagesetting, where you can add words that must appear in the web page and may not be changed. If these words are changed or removed, the system sends an alert.
- To add a word to this list, type the word in the text field, and clickAdd.
- ClickSave.The URL or view configuration settings are saved.