Pattern Exception Example

Example scenario: During Base64 decoding, strings such as PCU, PCX, PCW, and PCV are interpreted as <% (the ASP script start tag) or similar, causing a false positive on the [WebShell-Common] pattern.

1. Check Detection Log

First, use the detection log to identify the exact string pattern that caused the false positive.

2. Create User Pattern for Exception

To make an exception for the string causing the false positive (e.g., PCU), create and register a new security pattern containing that string.

3. Add Pattern and Set ALLOW

In the [SET POLICY] > Add Pattern menu, add the newly created pattern and set the action to ALLOW.

4. Priority Setting (Important)

Set the priority of the added exception (ALLOW) pattern one step higher than the existing blocking [WebShell-Common Code Injection] pattern, then save.

Note

Precautions
* If the priority of the exception (ALLOW) pattern is lower than that of the blocking pattern, the exception is not applied and blocking still occurs.
* Conversely, configure the exception with caution: if the exception pattern is too broad or its priority is too high, false negatives may occur when actual attack code arrives together with the exception pattern.
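
The four strings in the scenario are exactly the three-character Base64 groups whose decoded bytes begin with <%. The following is an added example, not part of the original page or the product: it derives those groups and locates them in field values, as a help for step 1. The function names and sample values are constructed for illustration.

```python
import base64

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def trigrams_for(marker: bytes) -> list[str]:
    """All 3-char Base64 strings whose decoded output starts with the 2-byte marker."""
    if len(marker) != 2:
        raise ValueError("marker must be exactly 2 bytes")
    out = []
    # 3 Base64 chars carry 18 bits: 16 marker bits + 2 bits borrowed from the next byte.
    for low in range(4):
        bits = (marker[0] << 10) | (marker[1] << 2) | low
        out.append(B64[bits >> 12] + B64[(bits >> 6) & 63] + B64[bits & 63])
    return out

def find_triggers(value: str, marker: bytes = b"<%", context: int = 6):
    """Return (offset, trigram, surrounding text) for each trigram found in value."""
    hits = []
    for tri in trigrams_for(marker):
        start = value.find(tri)
        while start != -1:
            lo, hi = max(0, start - context), start + len(tri) + context
            hits.append((start, tri, value[lo:hi]))
            start = value.find(tri, start + 1)
    return sorted(hits)

# Constructed sample values, standing in for fields copied from a detection log.
SAMPLES = {
    "product_code": "model=PCU1024&qty=2",
    "comment": "Ship to PCX warehouse",
    "plain": "nothing unusual here",
}

if __name__ == "__main__":
    print("Base64 trigrams that decode to '<%':", trigrams_for(b"<%"))
    for field, value in SAMPLES.items():
        for offset, tri, ctx in find_triggers(value):
            # Pad with 'A' to form a full 4-char group; the first 2 bytes are the marker.
            decoded = base64.b64decode(tri + "A")[:2]
            print(f"{field}: {tri!r} at offset {offset} decodes to {decoded!r}, context {ctx!r}")
```

The surrounding text returned for each hit shows how much context is available for building the exception string, so the ALLOW pattern can be made longer and more specific than the bare three-character trigger.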