Malicious files: which tool should I use to identify and report?
I would suggest posting this to the ePolicy Orchestrator forum.
1. You can use Policy Auditor File Integrity Monitor to scan computers and query the database of files it finds by hash - but that only works after scans are run and those scans are VERY CPU intensive.
2. You can use HIPS to block MD5 hashes - but that only works when the file is opened by the user.
3. VirusScan will only scan FILENAMES, not hashes.
That's it. You're better off using other tools if you want to proactively scan for hashes.
Not yet, but stay tuned. There's a product release that will effectively give you this ability VERY easily.
At the moment it is native to Solidcore / Application Control.
You can block files by MD5 Hash in Application Blocking. Not really a "querying tool" but it might meet your desired intent.
Yep, thanks Scott. The policy for my client is to not block but they do want to search for those hashes.
We've had some success with Policy Auditor (File Integrity Monitor) but there are limitations with that tool.
We have had issues with FIM as well. You may be better served using some other commercial tool (Tripwire, Qualys, etc.).