Yes. Web Agent blocks both of ‘\’ and ‘%5c’ in the form data.
A POST method request to FCC-based Password Services (smpwservices.fcc) is intercepted and modified so that the username field contains '\'. In this case, username is ‘Mikel\foo'.
ACO parameter settings:
Web Agent trace log shows below message (snippet):
[SmFCC.cpp:2184][SmFcc::buildOutputForm]…..[BadFormChars found substituting Mikel\foo' for variable 'username', data blocked.]
Notes: This is not applicable to the 'username' field in login.fcc.