Manual Chapter : Configuring malware detection on a URL or view

Applies To:

BIG-IP FPS

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0

Configure malware detection on a URL or view in the anti-fraud profile to apply FPS malware detection on the web page of the URL or view, and to create and send an alert to the FPS Dashboard if malware is detected.
  1. On the Main tab, click Security > Fraud Protection Service > Anti-Fraud Profiles.
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click URL List.
    The URL List opens.
  4. Click the URL or view on which you want to configure malware detection (or click Add URL or Add View if you want to define a new URL or view with malware detection).
    The URL Properties (or View Properties) screen opens.
  5. In the URL Configuration (or View Configuration) area, select Malware Detection.
    The Malware Detection configuration options appear.
  6. Ensure that the Enabled check box for Malware Detection is selected.
  7. Select the Enabled check box for Attach HTML to Alerts if you want the system to attach HTML information on the web page to alerts.
  8. Click Advanced.
  9. Select the Enabled check box for Generic Malware Detection if you want the system to apply detection of generic malware on the web page of the URL or view using honeypots.
  10. Select the Enabled check box for External URL Injection Detection if you want the system to detect malicious scripts injected from domains that are not in the domains whitelist.
    The domains whitelist is configured in the Allow URLs from these external domains setting of the Malware Detection area in the Anti-Fraud Profile Properties screen.
  11. Select the Enabled check box for Check Client Network Connection if you want the system to check that the client's network connectivity is not blocked by malware when the client opens the web page.
  12. Select the Enabled check box for RAT Detection if you want the system to check for Remote Access Trojans (RATs) on the web page.
  13. Select the Enabled check box for VBKlip Detection if you want the system to check for VBKlip malware on the web page.
  14. Select the Enabled check box for Web-RootKit Detection if you want the system to check for Web-RootKit malware on the web page.
  15. Select the Enabled check box for Dynamic Script Removal Detection if you want the system to check at run-time for self-removing malicious JavaScript that runs on the web page before the FPS JavaScript is executed.
  16. Select the Enabled check box for Static Script Removal Detection if you want the system to check for self-removing malicious JavaScript in the HTML that runs on the web page before the FPS JavaScript is executed.
  17. Select the Enabled check box for Same-Domain Scripts Validation if you want the system to check that JavaScript that belongs to the domain of the web page has not been changed.
  18. Select the Enabled check box for Password Exfiltration Detection if you want the system to detect attempts to steal the user's password in the web browser.
    An alert is triggered if such an attempt is detected.
    For this detection to be active, your URL must have a parameter set as Identify as Username and at least one parameter set as Substitute Value.
  19. Select the Enabled check box for Deferred Execution Detection if you want the system to check for deferred execution attacks on the web page.
  20. Select the Enabled check box for Blocked Enter Key Detection if you want the system to check for malware that blocks the user from pressing the Enter key on the web page.
  21. Select the Enabled check box for Mandatory Words if you want the system to search the web page for words that must appear and may not be changed.
    Enabling this setting displays the Words that must be included in the page setting, where you can add words that must appear in the web page and may not be changed. If these words are changed or removed, the system sends an alert.
    1. To add a word to this list, type the word in the text field, and click Add.
  22. Click Save.
    The URL or view configuration settings are saved.
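
As an added example (not F5 code, and not how FPS implements its detections), the following Node.js helper can be run against a saved copy of the protected page before enabling External URL Injection Detection and Mandatory Words. It lists script hosts that are missing from the intended Allow URLs from these external domains list, and mandatory words that the page does not contain. The function names, sample page and domains are constructed, and exact host matching and text-only word matching are assumptions.

```javascript
// Added illustration, not F5 code. The sample page and domains below are constructed.
const SAMPLE_URL = "https://bank.example/login";
const SAMPLE_HTML = `<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src='//stats.example.org/t.js' async></script>
<script>var inline = 1;</script>
</head><body><h1>Secure Login</h1><form>Username Password</form></body></html>`;

// Collect the host of every <script src=...>, resolving relative URLs against the page URL.
// Regex parsing is adequate for auditing a saved page; it is not a full HTML parser.
function scriptHosts(html, pageUrl) {
  const hosts = new Set();
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = m[1] ?? m[2] ?? m[3];
    try {
      hosts.add(new URL(src, pageUrl).hostname.toLowerCase());
    } catch {
      // A src value that cannot be parsed as a URL is skipped.
    }
  }
  return hosts;
}

// Assumption: allowlist entries are compared as exact host names.
function preCheck(html, pageUrl, allowedDomains, mandatoryWords) {
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  const allowed = new Set(allowedDomains.map((d) => d.toLowerCase()));
  const unlistedHosts = [...scriptHosts(html, pageUrl)]
    .filter((h) => h !== pageHost && !allowed.has(h))
    .sort();
  // Assumption: mandatory words are looked for in page text, outside script/style bodies.
  const text = html
    .replace(/<(script|style)\b[\s\S]*?<\/\1\s*>/gi, " ")
    .replace(/<[^>]+>/g, " ");
  const missingWords = mandatoryWords.filter((w) => !text.includes(w));
  return { unlistedHosts, missingWords };
}

console.log(preCheck(SAMPLE_HTML, SAMPLE_URL, ["cdn.example.net"], ["Secure Login", "Transfer"]));
```

Any host reported in `unlistedHosts` is either a legitimate dependency to add to the allowlist or a script that should not be on the page; any entry in `missingWords` would trigger an alert as soon as the setting is saved.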