I haven't been able to work this out and was hoping an expert could help.
I'm trying to get IPS to detect any instance of an http or https string within any *.idx file located in "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\*\*.idx" or "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\systemcache\6.0\*\*.idx".
I'll exclude known good like https://dl.java.com and a few others.
Can IPS do this?
That's what I've been thinking. I am supposing that it would use up too many cycles for inclusion into the module, so I've written a batch script to inspect hosts that pop for the .idx itself.
From there, I'll just upload any suspect samples to virustotal.com...
Thanks for the help!
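
The host-side check discussed in this thread, as an added Python example; it is not part of the original posts and is not the poster's batch script. The function names are hypothetical, the .idx file is treated as raw bytes rather than parsed, and the allowlist is assumed to match on the exact hostname, with only `dl.java.com` taken from the question.

```python
import glob
import re
from urllib.parse import urlsplit

# Cache locations quoted in the question.
BASE = r"C:\Users\*\AppData\LocalLow\Sun\Java\Deployment"
IDX_GLOBS = [BASE + r"\cache\6.0\*\*.idx", BASE + r"\systemcache\6.0\*\*.idx"]
ALLOWED_HOSTS = {"dl.java.com"}  # from the question; add other known-good hosts
# The file is scanned as raw bytes; the .idx structure itself is not parsed.
URL_RE = re.compile(rb"https?://[\x21-\x7e]+", re.IGNORECASE)


def is_allowed(url, allowed=ALLOWED_HOSTS):
    """Match on the parsed hostname, so 'dl.java.com.example.net' or a
    query string containing 'dl.java.com' does not pass as known good."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. unbalanced '[' in the host
        return False
    return host in allowed


def suspect_urls(data, allowed=ALLOWED_HOSTS):
    """Return de-duplicated, non-allowlisted URLs found in raw .idx bytes."""
    found = []
    for match in URL_RE.finditer(data):
        url = match.group().decode("ascii")
        if url not in found and not is_allowed(url, allowed):
            found.append(url)
    return found


def scan(patterns=IDX_GLOBS):
    """Map each matching .idx path to its suspect URLs."""
    hits = {}
    for pattern in patterns:
        for path in glob.glob(pattern):
            try:
                with open(path, "rb") as fh:
                    urls = suspect_urls(fh.read())
            except OSError:  # locked or unreadable file: skip it
                continue
            if urls:
                hits[path] = urls
    return hits

if __name__ == "__main__":
    for path, urls in scan().items():
        print(path, *urls, sep="\n  ")
```

Reading other users' cache directories normally requires an elevated prompt; files that cannot be opened are skipped rather than reported.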