Bug ID 703129: False 'Web Rootkit detected' on UC browser for ChromeOS running on a mobile device

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.0.0,,,,,, 14.0.1,

Fixed In:

Opened: Jan 23, 2018

Severity: 3-Major


When proactive bot defense, which provides headless browser detection, is enabled, a request from the UC Browser running on a mobile device, gets a high score and might be reset/CAPTCHA'd.


Potential reset/CAPTCHA in this case. In addition to the system presenting a false 'Web Rootkit detected' alert, there are other violations detected within the request.


1. ASM or DOS provisioned. 2. Proactive bot defense (headless browsers detection) enabled in DoS Application profile and DoS profile assigned on a virtual server. 3. Request is sent without TSPD101 cookie.


You can use either of the following workarounds: -- Disable headless browser detection (under proactive bot defense). -- Raise reset/CAPTCHA score limits using the following commands: list sys db dosl7.browser_legit_min_score_captcha sys db dosl7.browser_legit_min_score_captcha { value "60" } list sys db dosl7.browser_legit_min_score_drop sys db dosl7.browser_legit_min_score_drop { value "120" }

Fix Information

Rootkit checks for UC Browser are improved.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips