1 Reply Latest reply on May 23, 2016 2:12 AM by tomz2

    Exclusion based on file hash

    mtorabi

      Hi,

      I know its possible to exclude a file or folder using On-Access Default Processes Policies
      but my question is about, how to exclude a file based on the file hash, is it possible at all?

      I'm looking for this because i really think users can exclude some restricted apps using renaming the app, so this will be a security issue for us! Any Idea?

      Thank you!

        • 1. Re: Exclusion based on file hash
          tomz2

          What exactly are you trying to prevent users from doing? If you're trying to prevent them from executing apps, VSE isn't going to do that. By excluding files in On-Access scanning, you are telling the scanner to not look at them when they are being read / written to disk. VSE does not let you make hash based exclusions. I don't think though that excluding files is actually what you are looking for.

           

          If you're trying to prevent users from running applications then you'd be best to look at something like McAfee Application Control which will ensure that only whitelisted applications are allowed to execute and make changes. If you want to search your environment for files based on hash, in real time, you can look at McAfee Active Response. Active Response can also be used to based on the results of a search execute defined actions that could do things like remove the file, or anything that an administrator writes the appropriate script / action for.

          1 of 1 people found this helpful