Can IPS be used for file content detection?

I haven't been able to work this out and was hoping an expert could help.

I'm trying to get IPS to detect any instance of an http or https string within any *.idx file located in "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\*\*.idx" or "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\systemcache\6.0\*\*.idx".

I'll exclude known good like https://dl.java.com and a few others.

Can IPS do this?

Accepted Solutions
Re: Can IPS be used for file content detection?

You can use a file class signature to detect the presence of a .idx file, but not anything contained within it.

Re: Can IPS be used for file content detection?

That's what I've been thinking. I am supposing that it would use up too many cycles for inclusion into the module, so I've written a batch script to inspect hosts that pop for the .idx itself.

From there, I'll just upload any suspect samples to virustotal.com...

Thanks for the help!
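
A host-side check of the kind discussed in this thread, added here as an example (it is not the poster's batch script and not McAfee code): it pulls http/https strings out of the .idx files under the paths from the question and reports those whose host is not on an allowlist. It assumes URLs appear in the file as plain ASCII bytes; the function names are illustrative.

```python
import glob
import re
from urllib.parse import urlsplit

# Glob patterns taken from the question (Windows paths).
IDX_GLOBS = [
    r"C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\*\*.idx",
    r"C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\systemcache\6.0\*\*.idx",
]
ALLOWED_HOSTS = {"dl.java.com"}  # known good from the question; extend as needed
# Assumption: URLs sit in the .idx file as plain ASCII bytes.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def extract_urls(data):
    """Unique http/https URLs found in raw file bytes, in first-seen order."""
    return list(dict.fromkeys(m.group().decode("ascii") for m in URL_RE.finditer(data)))


def is_allowed(url, allowed=ALLOWED_HOSTS):
    """Exact match on the parsed hostname, so 'dl.java.com.evil.example' fails."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return host in allowed


def suspect_urls(data, allowed=ALLOWED_HOSTS):
    return [u for u in extract_urls(data) if not is_allowed(u, allowed)]


def scan(patterns=IDX_GLOBS):
    """Map each matching .idx path to its non-allowlisted URLs."""
    hits = {}
    for pattern in patterns:
        for path in glob.glob(pattern):
            try:
                with open(path, "rb") as fh:
                    found = suspect_urls(fh.read())
            except OSError:  # locked or unreadable profile: skip it
                continue
            if found:
                hits[path] = found
    return hits


if __name__ == "__main__":
    for path, urls in scan().items():
        print(path, *urls, sep="\n  ")
```

Matching on the parsed hostname rather than a string prefix keeps look-alike hosts and `user@host` tricks from passing the allowlist.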
