Push Help Center
Ready to help
Help for administrators
Help for admins
Help for employees
Help for employees
Help for administrators
/
Privacy and security

How does Push detect attacks like ClickFix and FileFix?

An increasingly common form of browser-based attack tricks users into running malicious scripts on their devices — often in the guise of a CAPTCHA or a message prompting them to “fix an error on this webpage.” These attacks are known by names such as ClickFix, FileFix, or fake CAPTCHAs.

Push provides Malicious copy and paste detection to identify these kinds of attacks. It works by looking for indicators of suspicious payloads being copied onto a user’s clipboard.

Detections will appear on the Detections page of the Push admin console and include a timeline of events, a detection URL, optional screenshot and additional enrichment about a detected domain, if available.

Clickfix detection example - KB 10141

Malicious copy and paste detection is in Monitor mode by default. You can create a rule for the control on the Controls page to exclude certain employees or employee groups, if desired. To create an exception group, select Add rule and set the Mode to Off, then select which individuals or employee groups should be excluded from the detection.

Push recommends creating an exception rule for employees who regularly deal with malicious payloads, such as SOC staff.

Clickfix rule config slideout - KB 10141

Need more help?
Questions, feedback, tech support, sales support - anything you need.
We’ll get back to you within a day.