Endpoint Protection

  • 1.  Block malware with SHA-256

    Posted Sep 17, 2018 12:34 PM

    Dear,

    I have 2 SEPM consoles in version 14.0.3752.1000 with SEP client versions 12.6 and 14. Is it possible to block a malware with the SHA-256?

    For example:

    Indicators of Compromise (IoCs):
    Related Hashes (SHA-256):

    a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8 — TROJ_KILLMBR.EE
    1a09b182c63207aa6988b064ec0ee811c173724c33cf6dfe36437427a5c23446 — TROJ_KILLDISK.IUE

    Information from VirusTotal:

    52 engines detected this file
    SHA-256    a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8
    File name    a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8.sample
    File size    5.16 MB
    Last analysis    2018-08-28 00:23:16 UTC




  • 2.  RE: Block malware with SHA-256
    Best Answer

    Posted Sep 17, 2018 02:33 PM

    You can block by MD5 only:

    https://www.symantec.com/docs/TECH97618



  • 3.  RE: Block malware with SHA-256

    Posted Sep 18, 2018 05:12 AM

    Hi Tokyo2040,

    Symantec already detects both of those files as Trojan.Wipeboot. 

    MD5 9e33143916f648ec338f209eb0bd4789
    SHA256 a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8

    MD5 c1831baa5505f5a557380e0ab3f60f48
    SHA256 1a09b182c63207aa6988b064ec0ee811c173724c33cf6dfe36437427a5c23446

    You can of course create an ADC policy to block them via that method as well, but it should not be necessary.
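Since replies 2 and 3 say SEP's fingerprint blocking takes MD5 while the published IoCs are SHA-256, an added example (not from the thread or from Symantec) that hashes files with both algorithms, flags any file whose SHA-256 matches the two IoCs quoted above, and emits the matching file's MD5 together with its path. The "md5 path" line shape for a fingerprint-list import is an assumption here; check it against TECH97618 before importing.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 IoCs quoted in the thread, with the names given there.
IOC_SHA256 = {
    "a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8": "TROJ_KILLMBR.EE",
    "1a09b182c63207aa6988b064ec0ee811c173724c33cf6dfe36437427a5c23446": "TROJ_KILLDISK.IUE",
}

def hash_stream(stream, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests of a binary stream, read in chunks so big files fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def hash_bytes(data):
    """Same pair of digests for in-memory data."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()

def scan_tree(root, ioc_sha256=IOC_SHA256):
    """Hash every file under root; return (path, md5, sha256, label) for each SHA-256 IoC match."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as f:
                md5, sha256 = hash_stream(f)
        except OSError:  # unreadable or vanished file: skip it rather than abort the scan
            continue
        if sha256 in ioc_sha256:
            hits.append((str(path), md5, sha256, ioc_sha256[sha256]))
    return hits

def fingerprint_lines(hits):
    """One 'md5 path' line per hit; this line shape is an assumption about the SEPM fingerprint-list import."""
    return [f"{md5} {path}" for path, md5, _sha256, _label in hits]

def demo():
    """Self-check on constructed data: a benign file whose SHA-256 is registered as a fake IoC."""
    sample = b"constructed benign sample, not malware\n"
    _md5, sha256 = hash_bytes(sample)
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "sample.bin").write_bytes(sample)
        (Path(tmp) / "other.bin").write_bytes(b"unrelated content\n")
        hits = scan_tree(tmp, {sha256: "CONSTRUCTED_TEST"})
    return [(Path(p).name, m, s, label) for p, m, s, label in hits]
```

Run `scan_tree` over a directory of quarantined samples and feed `fingerprint_lines` into the ADC fingerprint list; as reply 3 notes, files already detected by the AV engine do not need this step.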