
Can IPS be used for file content detection?

I haven't been able to work this out and was hoping an expert could help.

I'm trying to get IPS to detect any instance of an http or https string within any *.idx file located in "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\*\*.idx" or "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\systemcache\6.0\*\*.idx".

I'll exclude known good like https://dl.java.com and a few others.

Can IPS do this?

Accepted Solutions
Re: Can IPS be used for file content detection?

You can use a file class signature to detect the presence of a .idx file, but not anything contained within it.

Re: Can IPS be used for file content detection?

That's what I've been thinking. I am supposing that it would use up too many cycles for inclusion into the module so I've written a batch script to inspect hosts that pop for the .idx itself.

From there, I'll just upload any suspect samples to virustotal.com...

Thanks for the help!
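
The host-side check discussed in this thread, as an added example (not the poster's batch script and not McAfee code): it reads each .idx file as raw bytes, extracts http/https URLs, and reports those whose host is not on an allowlist. The function names and the exact-host allowlist logic are assumptions; the paths and dl.java.com come from the question.

```python
import glob
import re
from urllib.parse import urlsplit

# Cache locations quoted in the question above.
IDX_PATTERNS = [
    r"C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\*\*.idx",
    r"C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\systemcache\6.0\*\*.idx",
]
# Known-good hosts; dl.java.com is from the question, extend as needed.
ALLOWED_HOSTS = {"dl.java.com"}

# Printable-ASCII run starting with http:// or https://, matched on raw bytes.
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def extract_urls(data):
    """Return the unique URLs found in a blob, in order of appearance."""
    return list(dict.fromkeys(m.group().decode("ascii") for m in URL_RE.finditer(data)))


def is_allowed(url, allowed_hosts=ALLOWED_HOSTS):
    """Compare the parsed hostname, not a string prefix, so that
    https://dl.java.com.example.test/ or https://dl.java.com@example.test/
    do not pass as known good."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL: treat as suspect
        return False
    return host in allowed_hosts


def scan(patterns=IDX_PATTERNS, allowed_hosts=ALLOWED_HOSTS):
    """Map each .idx path to the non-allowlisted URLs it contains."""
    findings = {}
    for pattern in patterns:
        for path in glob.glob(pattern):
            with open(path, "rb") as handle:
                urls = extract_urls(handle.read())
            suspect = [u for u in urls if not is_allowed(u, allowed_hosts)]
            if suspect:
                findings[path] = suspect
    return findings


if __name__ == "__main__":
    for path, urls in scan().items():
        print(path, *urls, sep="\n    ")
```

Matching on the parsed hostname rather than on the start of the string is what keeps a lookalike URL from slipping through the exclusion list.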
