To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

How is sha256 calculated on "Application control" "Target SHA256"

Options
Nmjaat
Nmjaat W/ Member Posts: 7 Junior Protector
edited October 2023 in Elements Endpoint Protection

On Windows 11 have

certutil -hashfile "C:\Windows\write.exe" sha1
SHA1 hash of C:\Windows\write.exe:
a6deac3526d77005c62184ad3e8d9e615a0f511f
CertUtil: -hashfile command completed successfully.

On apllication control i have:

And it works:

But if i make

certutil -hashfile "C:\Windows\write.exe" sha256
SHA256 hash of C:\Windows\write.exe:
82e903f055e7f93b403c3758650c0f89a73716dd1b7d1add120b9336a00b8958
CertUtil: -hashfile command completed successfully.

On apllication control i have:

and it does not work, write.exe is not blocked.

So how does the sha256 works?

Answers

  • LiselotteP
    LiselotteP W/ Staff, W/ Community Manager Posts: 299 Community Manager
    Options

    Hi @Nmjaat,

    Thank you for reaching out through the Community!

    I've spoken to a member of our Windows Security team, who has informed me that it is not blocked because sha256 is not yet globally enabled due to low coverage in Security Cloud.

    Rest assured that this will be enabled in the near future, however, unfortunately I do not have a timeframe at this time.

    If you would like, we can we can manually change your systems to sha256 world.

    Please do get back to me if this would be a suitable solution for you.

    Thanks for your patience!

    Liselotte

This discussion has been closed.