cancel
Showing results for 
Search instead for 
Did you mean: 

Exclusion based on file hash

Hi,

I know its possible to exclude a file or folder using On-Access Default Processes Policies
but my question is about, how to exclude a file based on the file hash, is it possible at all?

I'm looking for this because i really think users can exclude some restricted apps using renaming the app, so this will be a security issue for us! Any Idea?

Thank you!

1 Reply
tomz2
Level 11
Report Inappropriate Content
Message 2 of 2

Re: Exclusion based on file hash

What exactly are you trying to prevent users from doing? If you're trying to prevent them from executing apps, VSE isn't going to do that. By excluding files in On-Access scanning, you are telling the scanner to not look at them when they are being read / written to disk. VSE does not let you make hash based exclusions. I don't think though that excluding files is actually what you are looking for.

If you're trying to prevent users from running applications then you'd be best to look at something like McAfee Application Control which will ensure that only whitelisted applications are allowed to execute and make changes. If you want to search your environment for files based on hash, in real time, you can look at McAfee Active Response. Active Response can also be used to based on the results of a search execute defined actions that could do things like remove the file, or anything that an administrator writes the appropriate script / action for.