Can IPS be used for file content detection?

I haven't been able to work this out and was hoping an expert could help.

I'm trying to get IPS to detect any instance of an http or https string within any *.idx file located in "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\*\*.idx" or "C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\systemcache\6.0\*\*.idx".

I'll exclude known good like https://dl.java.com and a few others.

Can IPS do this?

1 Solution

Accepted Solutions

Re: Can IPS be used for file content detection?

You can use a file class signature to detect the presence of a .idx file, but not anything contained within it.

2 Replies

Re: Can IPS be used for file content detection?

That's what I've been thinking. I am supposing that it would use up too many cycles for inclusion into the module, so I've written a batch script to inspect hosts that pop for the .idx itself.

From there, I'll just upload any suspect samples to virustotal.com...

Thanks for the help!
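
The content check that the thread ends up doing outside IPS, as an added example (not the poster's batch script and not vendor code): it walks the two cache paths from the question, pulls http/https strings out of each .idx file, and reports those whose host is not on the known-good list. It assumes URLs are stored in the file as plain ASCII bytes; the function names are hypothetical, and `ALLOWED_HOSTS` holds only the host named in the question.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Cache locations quoted in the question, relative to each profile under C:\Users.
CACHE_DIRS = (
    "AppData/LocalLow/Sun/Java/Deployment/cache/6.0",
    "AppData/LocalLow/Sun/Java/Deployment/systemcache/6.0",
)
# Known-good hosts; dl.java.com is the one named in the question, extend as needed.
ALLOWED_HOSTS = {"dl.java.com"}
# Assumption: URLs sit in the .idx file as runs of printable ASCII bytes.
URL_RE = re.compile(rb"https?://[\x21-\x7e]+", re.IGNORECASE)


def urls_in_idx(path):
    """Return the distinct URLs found in one .idx file, in order of appearance."""
    data = Path(path).read_bytes()
    return list(dict.fromkeys(m.group().decode("ascii") for m in URL_RE.finditer(data)))


def is_allowed(url):
    """True only when the parsed host exactly equals an allowlisted host.

    A substring test would also excuse hosts that merely contain the name.
    """
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority: never treat as known good
        return False
    return host in ALLOWED_HOSTS


def scan_profiles(users_root):
    """Map each .idx file under the cache dirs to its non-allowlisted URLs."""
    findings = {}
    for cache in CACHE_DIRS:
        # Same wildcards as the question: <profile>/<cache>/<bucket>/<name>.idx
        for idx in sorted(Path(users_root).glob(f"*/{cache}/*/*.idx")):
            hits = [u for u in urls_in_idx(idx) if not is_allowed(u)]
            if hits:
                findings[str(idx)] = hits
    return findings


if __name__ == "__main__":
    for path, urls in scan_profiles(r"C:\Users").items():
        print(path, *urls, sep="\n    ")
```

Run it with rights to read other users' profiles; files it reports are the candidates for sample submission.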