App Control: Allow multiple hash algorithms simultaneously
Current settings allow specifying only one hash algorithm before creating any AC rules. There is an increase in the use of indicators of compromise (IOCs) which some customers use to protect against emerging or existing threats. Usually those IOCs will contain hash values of known-bad files (malware) to be imported and blocked. However, depending on the intelligence source, such hash values can be based off various hashing algorithms, which will be a problem for DriveLock customers who are using a different hash algorithm. The suggestion is to support the use of multiple hash algorithms at the same time both when scanning endpoints and when manually creating blacklist/whitelist rules. Among the suggested and most commonly used algorithms are MD5, SHA1 and SHA256.
Mohamad Ashokaibi
shared this idea
