Endpoint Protection

 View Only

  • 1.  Hash value to SEP risk logs

    Posted Aug 28, 2015 05:20 AM
    Dear All, I want to extract HASH value from SEP risk logs or from sep web console for detected malware. Is their any way to collect such information from sepm web consol or from sep risk logs. Thanks,


  • 2.  RE: Hash value to SEP risk logs

    Posted Aug 28, 2015 06:15 AM

    In the Risk log, click on the risk and then on "Details". You'll find its SHA-2 hash.

    In the Exception policy, under "Windows Exceptions > Applications", you can see the hashes as well.

    ##EDIT

    If you want to grab all hashes, just export the Risk log and open it in a spreadsheet.



  • 3.  RE: Hash value to SEP risk logs

    Posted Aug 28, 2015 06:33 AM

    The Risk log itself should contain these. Just export and filter on the column as needed.



  • 4.  RE: Hash value to SEP risk logs

    Posted Aug 28, 2015 08:31 AM

    when you export risk log you can find these information in the Column U,V in the by the name "Application Hash" "Hash Algorithm"



  • 5.  RE: Hash value to SEP risk logs

    Posted Aug 28, 2015 10:57 AM

    Hi Milan_T,

    This should help:

    How to determine the unique hash of a file detected by Symantec Endpoint Protection
    Article URL: http://www.symantec.com/docs/TECH211522

    Don't forget about SONAR's detctions, as well:

    Using SEPM Alerts and Reports to Combat a Malware Outbreak
    https://www-secure.symantec.com/connect/articles/using-sepm-alerts-and-reports-combat-malware-outbreak

     

    For the benefit of future admins with the same question, please do mark this thread "Solved" if you have received your answer!

    With thanks and best regards,

    Mick