Endpoint Protection

 View Only
  • 1.  md5 hash SEP

    Posted Jan 16, 2013 02:19 PM

    good

    I have implemented SEP 12, my question is if I can set a policy that I check the md5 hash, ie if it is modified block

    thank you very much



  • 2.  RE: md5 hash SEP

    Posted Jan 16, 2013 02:24 PM

    You can use and application and device control policy to block or allow software by hash value

    This article should help in setting up hash blocking/allowing:

    How to use Application and Device Control to limit the spread of a threat.

    Article:TECH93451  |  Created: 2009-01-15  |  Updated: 2012-04-24  |  Article URL http://www.symantec.com/docs/TECH93451

     



  • 3.  RE: md5 hash SEP
    Best Answer

    Posted Jan 16, 2013 10:28 PM

    Hi,

    Yes you can Block or allow software using MD5 hash value.

     

    How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

    Article:TECH97618  |  Created: 2009-01-20  |  Updated: 2009-01-20  |  Article URL http://www.symantec.com/docs/TECH97618
     

     

    How to use Application and Device Control to limit the spread of a threat.

    Article:TECH93451  |  Created: 2009-01-15  |  Updated: 2012-04-24  |  Article URL http://www.symantec.com/docs/TECH93451
     

    Check this thread

    https://www-secure.symantec.com/connect/forums/how-block-applications-sep-using-md5



  • 4.  RE: md5 hash SEP

    Trusted Advisor
    Posted Jan 17, 2013 06:02 AM

    Hi Julrendo,

    Thumbs up to the articles above that the SEPM will block via an MD5 hash. Unfortunatly it will not update itself if these hashes are modified or adjusted they have to be put in manually.

    So if a version of a program gets upgated a new MD5 hash will have to be included in the policy to block it.



  • 5.  RE: md5 hash SEP

    Posted Jan 17, 2013 10:14 AM

    Good.

     

    Does Symantec only works with the MD5 hash algorithm?. O also supports other algorithms as

     

    MD4:                                                                         
    SHA 160bit (SHA1):           
    SHA 256bit:                          
    SHA 384bit:                          
    SHA 512bit: 
     
    Thanks.


  • 6.  RE: md5 hash SEP

    Posted Jan 17, 2013 10:25 AM

    as far as I know MD5 only



  • 7.  RE: md5 hash SEP

    Trusted Advisor
    Posted Jan 17, 2013 10:46 AM

    You can also block by file extension name if the program keeps the file name the same. But if the file name or extension changes you'd need to add it to the SEP policy.



  • 8.  RE: md5 hash SEP

    Posted Jan 17, 2013 11:09 AM

    HI,

    No it's only work on MD5 hash value.