cancel
Showing results for 
Search instead for 
Did you mean: 

How to block the Hashes in epo server.

We have received the blocked hashes and how to blocked it on EPO.
4 Replies
McAfee Employee LKS
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: How to block the Hashes in epo server.

Hi User54256085,

Are you trying to block execution of an MD5 hash executable?  If so, create an Access Protection rule, and in the Subrule, use the PROCESSES engine and the RUN operation, then specify the Executable by MD5 hash only.

 
Highlighted
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: How to block the Hashes in epo server.

Thank you for posting your query 

Are these hashes for executable files?

If yes, you may use Access protection rules to configure blocking of files based on hash value

In ePO, go to policy catalog, select Access protection rules 

Under the Rules Section click ADD and type the details and provide the hash value

Then add the subrule as shown below

Hash Based Exclusions.PNGhash Based Exclusions_Subrule.PNG

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: How to block the Hashes in epo server.

Hi @User54256085 

Thank you for your post!

I would like to confirm my understanding. You have received a list of hashes that are meant to be blocked. You are trying to implement the block operation using ePO.

Since you have posted the query in ePO forum, I am unable to capture the product in question. We can block hashes using Access protection feature which is available in ENS (Endpoint Security). We have other technologies that can be used as well if you have a TIE configured and if ATP is being used.

But, I would like to start from scratch to understand the requirement here. First, are these hash values taken off from malicious files? If yes, then first step here is to open a Service request with us and confirm if McAfee has coverage for these hashes or not.

If the answer is no for one or more hashes, Now you can think about the product and components to be used to block these hashes. If you are using ENS, you can follow the above suggestions and it should work like a charm. Please remember Access protection is a bit tricky and blocking "files" and "executables/processes" are 2 completely different things we deal with. I have explained it previously in this post if you would like to known in detail.

Please remember blocking using hash is not possible using VSE (VirusScan Enteprise) Access Protection. ENS allows use of MD5 hashes ONLY.

I sincerely hope this is helpful in reaching a solution for you.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: How to block the Hashes in epo server.

I am also going to move this thread to the ens team.  It also depends on the products you are using.  If using TIE and Active Response, there is a better chance of doing that based on your hashes.  But it can also be done through ENS.  They can provide better guidance.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community