re: 01339413

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

re: 01339413

L2 Linker

Hi Team 


One of my Customer has configured a custom signature to block the windows 7 machine based on Http request headers. This signature is working but hitting a lot of false positives as well. For example, he can see that window 8 and windows 10 also detected by this signature.


The customer has followed this KB article:


Can you please advise what next can be one 



Hi @alal 


Looking at the KB you post it seems the OS check comes to regex match in the HTTP header user-agent string.

As a start I would suggest you to check the regex expression and see if its match what it is expected or it needs to be improved. It will be useful if you can past it here.


Googling around you should be able to find how different OS versions are described in the user-agent string. My first results says:

For windows 10 it is Windows NT 10.0 for windows 8 it is 6.2, windows 8.1 it is 6.3 and windows 7 it is 6.1.

So the regex expression should look like:

User-Agent:.+Windows NT 6\.1


This is also very useful site -



  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!