Consistent hash / certificate based exception for Endpoint Protection
Created: 24 Oct 2012
Currently hashed can be used for application control and firewall only. Exception for malware are limited to path, filename and extension. In some cases the filename and/or path is changed but the files are the same. In these cases it would be useful that an exception for malware scanning ( Definition based and SONAR /PTP) could be defined by a hash as well. So we can create our own whitelist, that can be used in the complete network. This whitelist could be used for each module.
filehash1 exception for AV + SONAR / PTP
filehash2 exception for AV + SONAR / PTP + FIREWALL + APPLICATION CONTROL
filehash3 exception for APPLICATION CONTROL
Additionally a certification based exception would be usefull too. Files that were signed by predefined CA's could be excepted as well.