Firewall rules that are built locally on clients (either manually, via Learn mode, or via Adaptive mode) automatically obtain and use the MD5 hash of applications. When you import these rules into your firewall policy, you need to make a decision whether this rule will retain the MD5 hash or remove it. This applies to other application information as well, like the full path name of the application.
If you decide to keep the MD5 hash of an application, the rule will only work for that specific build of the application. If you have other application versions, with the same filename, in your environment, you would need to add more firewall rules for the same application and change the MD5 hash.
If you decide NOT to keep the MD5 hash of an application, the rule will work for any application with the same path or name.
If you decide to keep the full path of the application (e.g., "C:\Program Files\Internet Explorer\Iexplore.exe"), the firewall rule will only work for the application in that specific path. Or you can decide to not use the path and only use the application name, which would match the application by filename only (e.g., "Iexplore.exe").
It's all about how you decide to build your firewall rules by applying specific or non-specific information. The more specific information you put in the firewall rule, the more firewall rules you will need for other versions/path names of that application, and vice-versa.
Typos corrected on 10/18/10 2:17:07 PM CDT
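The trade-off described in the answer above, as an added example that is not part of the original thread and not the product's own matching code: a simplified Python model of a rule whose path and MD5 criteria are either kept or removed on import, checked against three executables. `AppRule`, `Executable`, `matches` and `covered` are hypothetical names, and the hashes and the `C:\Temp` path are constructed sample data.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AppRule:
    """Hypothetical model of the application criteria in an imported rule."""
    name: str                    # file name, always kept
    path: Optional[str] = None   # full path, or None if removed on import
    md5: Optional[str] = None    # MD5 of one build, or None if removed on import

@dataclass(frozen=True)
class Executable:
    path: str
    md5: str

def md5_of(content: bytes) -> str:
    return hashlib.md5(content).hexdigest()

def matches(rule: AppRule, exe: Executable) -> bool:
    """Every criterion kept in the rule must match; removed ones are ignored."""
    if ntpath.basename(exe.path).lower() != rule.name.lower():
        return False
    if rule.path is not None and exe.path.lower() != rule.path.lower():
        return False
    if rule.md5 is not None and exe.md5.lower() != rule.md5.lower():
        return False
    return True

def covered(rule: AppRule, inventory: dict) -> list:
    """Labels of the inventory entries the rule applies to."""
    return [label for label, exe in inventory.items() if matches(rule, exe)]

# Constructed sample data: two builds of the same program plus a same-named file.
IE_PATH = r"C:\Program Files\Internet Explorer\Iexplore.exe"
OLD, NEW = md5_of(b"constructed build 1"), md5_of(b"constructed build 2")
INVENTORY = {
    "learned build": Executable(IE_PATH, OLD),
    "newer build, same path": Executable(IE_PATH, NEW),
    "same name, other folder": Executable(r"C:\Temp\Iexplore.exe", NEW),
}
RULES = {
    "keep path + MD5": AppRule("Iexplore.exe", IE_PATH, OLD),
    "keep path only": AppRule("Iexplore.exe", IE_PATH),
    "name only": AppRule("Iexplore.exe"),
}

if __name__ == "__main__":
    for label, rule in RULES.items():
        print(f"{label}: {covered(rule, INVENTORY)}")
```

Running it shows the hash-pinned rule covering only the learned build, the path-only rule surviving an update in place, and the name-only rule also covering the same-named file in another folder.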
Thanks Kary - that certainly clears things up.