Hi @AnnaH,

Thank you for reaching out to us over Community Channel. To answer your queries, Yes it is possible over McAfee Endpoint security to block MD5 Hash through Access Protection rule. However there will an impact in the performance. If you have received a list of hash values/advisory/URL , Kindly log a case and our Malware Team can share the coverage details. This will Provide coverage and will also not impact your system performance,

1. How to add IOC hash to the environment?  (Add hash values to the block list)-   I am adding the document, on how to block the Hash through AP(Access Protection). However i would still advise you to log an Service request and get the coverage details. 
2. How long will it take for the hash to be recognized? Once you add the hash through AP rule and policy is applied to to the system, it  will be instantaneous. Application of policy will take max 60 mins if the system is communicating to ePO.
3. How to create alert for it - if such a hash will appear but McAfee will block it anyway? You can refer to threat event log or schedule a report through ePO.
   Report Name- Endpoint Security Threat Prevention: Detection Response Summary
   
   
4. Can I block URL by Mcafee? To block URL, you are advised to reach out to Reach out to your organization NOC team, so that they can block the URLs there.
   However if you use McAfee ENS Web Control, you cans till block the URLs, but the recommended mode will be through your NOC team.
   
   
5. It is possible to scan whole environment for such a hash? When you have blocked the Hash through AP rule, incase these Hash files are detected in the environment, you will see the details under threat event for Access Protection.
   
   

    

   Was my reply helpful?

   If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!