md5 hash SEP
Created: 16 Jan 2013 | Updated: 06 Feb 2013 | 7 comments
This issue has been solved. See solution.
good
I have implemented SEP 12, my question is if I can set a policy that I check the md5 hash, ie if it is modified block
thank you very much
Discussion Filed Under:
Comments 7 Comments • Jump to latest comment
You can use and application and device control policy to block or allow software by hash value
This article should help in setting up hash blocking/allowing:
How to use Application and Device Control to limit the spread of a threat.
SEP Knowledge Base
Endpoint SWAT
Hi,
Yes you can Block or allow software using MD5 hash value.
How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage
How to use Application and Device Control to limit the spread of a threat.
Check this thread
https://www-secure.symantec.com/connect/forums/how...
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Good.
Does Symantec only works with the MD5 hash algorithm?. O also supports other algorithms as
as far as I know MD5 only
SEP Knowledge Base
Endpoint SWAT
You can also block by file extension name if the program keeps the file name the same. But if the file name or extension changes you'd need to add it to the SEP policy.
Please review ideas and vote there could be something useful :)
https://www-secure.symantec.com/connect/security/ideas
Hi Julrendo,
Thumbs up to the articles above that the SEPM will block via an MD5 hash. Unfortunatly it will not update itself if these hashes are modified or adjusted they have to be put in manually.
So if a version of a program gets upgated a new MD5 hash will have to be included in the policy to block it.
Please review ideas and vote there could be something useful :)
https://www-secure.symantec.com/connect/security/ideas
HI,
No it's only work on MD5 hash value.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Would you like to reply?
Login or Register to post your comment.