Video Screencast Help

md5 hash SEP

Created: 16 Jan 2013 • Updated: 06 Feb 2013 | 7 comments
julrendo's picture
This issue has been solved. See solution.

good

I have implemented SEP 12, my question is if I can set a policy that I check the md5 hash, ie if it is modified block

thank you very much

Comments 7 CommentsJump to latest comment

.Brian's picture

You can use and application and device control policy to block or allow software by hash value

This article should help in setting up hash blocking/allowing:

How to use Application and Device Control to limit the spread of a threat.

Article:TECH93451  |  Created: 2009-01-15  |  Updated: 2012-04-24  |  Article URL http://www.symantec.com/docs/TECH93451

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

Hi,

Yes you can Block or allow software using MD5 hash value.

 

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

Article:TECH97618  |  Created: 2009-01-20  |  Updated: 2009-01-20  |  Article URL http://www.symantec.com/docs/TECH97618
 

 

How to use Application and Device Control to limit the spread of a threat.

Article:TECH93451  |  Created: 2009-01-15  |  Updated: 2012-04-24  |  Article URL http://www.symantec.com/docs/TECH93451
 

Check this thread

https://www-secure.symantec.com/connect/forums/how...

Thanks In Advance

Ashish Sharma

 

 

SOLUTION
julrendo's picture

Good.

 

Does Symantec only works with the MD5 hash algorithm?. O also supports other algorithms as

 

MD4:                                                                         
SHA 160bit (SHA1):           
SHA 256bit:                          
SHA 384bit:                          
SHA 512bit: 
 
Thanks.
.Brian's picture

as far as I know MD5 only

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GeoGeo's picture

You can also block by file extension name if the program keeps the file name the same. But if the file name or extension changes you'd need to add it to the SEP policy.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

GeoGeo's picture

Hi Julrendo,

Thumbs up to the articles above that the SEPM will block via an MD5 hash. Unfortunatly it will not update itself if these hashes are modified or adjusted they have to be put in manually.

So if a version of a program gets upgated a new MD5 hash will have to be included in the policy to block it.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

Ashish-Sharma's picture

HI,

No it's only work on MD5 hash value.

Thanks In Advance

Ashish Sharma