Views:
Server & Workload Protection can calculate the hash value of a malware file and display it on the Events & Reports Events Anti-Malware Events page. Because a particular piece of malware can go by several different names, the hash value is useful because it uniquely identifies the malware. You can use the hash value when looking up information about the malware from other sources.

Procedure

  1. Open the policy or computer editor that you want to configure.
  2. Click Anti-Malware Advanced.
  3. Under File Hash Calculation, clear the Default or Inherited check box. (Default is displayed for a root policy, and Inherited is displayed for child policies).
    • When Inherited is selected, the file hash settings are inherited from the current policy's parent policy.
    • When Default is selected, Server & Workload Protection does not calculate any hash values.
  4. Select the Calculate hash values of all anti-malware events.
  5. By default, Server & Workload Protection will produce SHA-1 hash values. If you want to produce additional hash values, you can select one or both of MD5 and SHA256.
  6. You can also change the maximum size of malware files that will have hash values calculated. The default is to skip files that are larger than 128MB, but you can change the value to anything between 64 and 512 MB.