3 Replies Latest reply on Mar 7, 2017 6:48 PM by epoNovice

    HOST IPS Query - Detecting HASH values & testing


      Hi All,


      I've asked to use HIPS to try and detect a group of HASH values we have been sent.


      I have been able to esit the Host IPS policy in EPO.  I've created a custom rule and a sub rule which has my HASH values added.  (i've also made sure the High's are set to prevent in the other rule).


      When I enter the HASH values I was under the impression this goes in the "fingerprint" field.  This filed is 32 characters long which is standard for a MD5 Hash I think ?? however the HASH values I've been given are much longer.


      Do i need to condense them somehow or just put in the first 32 characters ?


      Providing I get that right do you know of a way to test the value to see if the rule actually triggers and prevents/detects it being invoked ?


      Thanks all