Message Image

Skip main navigation (Press Enter).

Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

fingerprint file in blacklist mode.

Jump to Best Answer

Migration UserOct 30, 2015 01:50 PM

Hello , is it neccesary to have MD5 of file and file path in fingerprint file used in blacklist mode ...

ℬrίαηOct 30, 2015 01:52 PM

I've always just put in filename without the path. Similar to this article: How to utilize SEP ...

PraveenAyappanOct 31, 2015 12:45 AMBest Answer

just the fingerprint should work fine if you enter the file path as well, there may be a chance that ...

1. fingerprint file in blacklist mode.

0 Recommend
Migration User
Posted Oct 30, 2015 01:50 PM

Reply Reply Privately
Hello ,

is it neccesary to have MD5 of file and file path in fingerprint file used in blacklist mode like :

0bb018fad1b244b6020a40d7c4eb58b7 c:\dell\openmanage\remind.exe
35162d98c2b445199fef95e838feae4b c:\dell\pnp\m\co\HSFCI008.dll

or it will work even without filename and path

like this:

0bb018fad1b244b6020a40d7c4eb58b7
35162d98c2b445199fef95e838feae4b

regards

AB
2. RE: fingerprint file in blacklist mode.

0 Recommend
ℬrίαη
Posted Oct 30, 2015 01:52 PM

Reply Reply Privately
I've always just put in filename without the path. Similar to this article:

How to utilize SEP 12.1 for Incident Response - PART 2

Same should hold true for the MD5
3. RE: fingerprint file in blacklist mode.
Best Answer

0 Recommend
PraveenAyappan
Posted Oct 31, 2015 12:45 AM

Reply Reply Privately
just the fingerprint should work fine if you enter the file path as well, there may be a chance that the file will execute from a different location. Also it is never recommanded to use just the file path to block the files as this rule can be easily by passed by executing the file from a different location.

Copyright 2019. All rights reserved.

Powered by Higher Logic