cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Linuxxo
Level 11
Report Inappropriate Content
Message 1 of 5

ODS to find files based on hashes

Jump to solution

Hi,

I am aware that it may be possible to look for files using the OSD and the unwanted program option, but there is a new threat that does not use names for some of the files, and the only thing we have is the hash value.

The Access Protection policy has already been configured, but I am assuming that it would only work if the user tries to access the file. In our case, we want to scan all the machines to see if we can locate those files based on the hashes.

Thanks

1 Solution

Accepted Solutions
harshgautam
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: ODS to find files based on hashes

Jump to solution

Hi @Linuxxo 

Thank you for reaching out to McAfee Community. 

Regarding your query, you can log a Service Request through support portal and submit the hash file.

We can analyze the hash and update you regarding coverage.

Also if you want to block MD5 hash through access protection, I am attaching a document, which might help you.

Thanks & regards,
Harsh Gautam
Technical Support Engineer | Customer Success Group

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

4 Replies
yaz
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: ODS to find files based on hashes

Jump to solution

Hi @Linuxxo 

Thank you for reaching out to McAfee Community.

If the hashes are already present or covered in our DAT/AMCORE or present in cloud (GTI or Real Protect), it will be detected.

As per access protection, access to the file will be blocked. 

If hash value is known, a report can be generated in the ePO by setting up MD5 hash as filter and this in turn identifies all the machines in place. 

Was my reply helpful?

If Yes, please give me a Kudo. If I have answered your query, kindly mark this as solution so that together we help other community members. 

Linuxxo
Level 11
Report Inappropriate Content
Message 3 of 5

Re: ODS to find files based on hashes

Jump to solution

Hi Yaz,

Many thanks for your reply, but I may need some clarifications. Regarding the DAT/AMCORE or GTI/Real Protect is there a way to verify if the hash is present?

Regarding the report, I am assuming that it will generate a report based on the MD5 hash only if the user attempted to access the file and blocked, am I correct?

Thanks again.

 

harshgautam
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: ODS to find files based on hashes

Jump to solution

Hi @Linuxxo 

Thank you for reaching out to McAfee Community. 

Regarding your query, you can log a Service Request through support portal and submit the hash file.

We can analyze the hash and update you regarding coverage.

Also if you want to block MD5 hash through access protection, I am attaching a document, which might help you.

Thanks & regards,
Harsh Gautam
Technical Support Engineer | Customer Success Group

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Sivakumar1
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: ODS to find files based on hashes

Jump to solution

Hello @Linuxxo 

 

Thank you for your post. We could definitely check on the hashes whether its covered or not. Please help us with the list of Hashes . And with regards to Access protection policy, report gets generated based on the operations we set up in the sub rule. Basically there are eight operations in the sub rule [ Change read-only or hidden attributes, Create, Delete, Execute, Change permissions, Read, Rename, Write]. If any of operation matches, reports will be generated.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community