cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor haaris
Reliable Contributor
Report Inappropriate Content
Message 1 of 9

Geenrating report in EPO on hash value of Virus

Can we generate a report in MCAfee epo for the virus detected by VSE by its hash value..For eg there is a virus RDN/Generic BackDoor having its hash value 9A5FA5C5F3915B2297A1C379BE9979F0 ..I am able to generate the report by the Threat Name but not by its HASH value..

Can anyone plz suggest.....

RDN/Generic   BackDoor
8 Replies
Reliable Contributor haaris
Reliable Contributor
Report Inappropriate Content
Message 2 of 9

Re: Geenrating report in EPO on hash value of Virus

Can anyone tell me if they have any idea??

Highlighted

Re: Geenrating report in EPO on hash value of Virus

Hi, you can find MD5, it is in a section on it's own... set filter on this value.

Thanks

Reliable Contributor haaris
Reliable Contributor
Report Inappropriate Content
Message 4 of 9

Re: Geenrating report in EPO on hash value of Virus

Thanks for your answer....

I can see MD5 option..What about SHA-1 & SHA-256.There is no option for that..So If I had Hash of these types then how will I generate report..

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 9

Re: Geenrating report in EPO on hash value of Virus

Those are not available, so you would not be able to report on those hashes.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor haaris
Reliable Contributor
Report Inappropriate Content
Message 6 of 9

Re: Geenrating report in EPO on hash value of Virus

Thanks for the confirmation... But it should be available

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 9

Re: Geenrating report in EPO on hash value of Virus

That would only be available if VirusScan or ENS has the ability to report on sha hashes vs md5, so that is a point product issue.  I am checking to see if McAfee Active Response reports on that or not, I will let you know.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: Geenrating report in EPO on hash value of Virus

MAR won't help either, because it doesn't report on detected items, only potential threats.  So, you would need to submit that capability under the ideas forum.  Please refer to kb60021.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor haaris
Reliable Contributor
Report Inappropriate Content
Message 9 of 9

Re: Geenrating report in EPO on hash value of Virus

Thanks for your effort..

I checked on the McAfee idea forum there is already an idea raised for the same with the name

Add SHA-256 to event queries

'

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.