This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AV feature request - Custom hash signature?

Request:

Can we have a facility within the endpoint console where we can add a hash of a file that we want the endpoint to quarentine/delete. This will allow us to deal with suspected viruses/malware while we are waiting for submissions to Sophos to be defined and updates distributed?

This thread was automatically locked due to age.

Parents

0 QC over 9 years ago
Hello JohnWilliams,
would be useful but I doubt that it would mesh with the scanning strategy. Calculating the hash is not the first step (if it's done at all) when assessing a file - we all want scanning to be fast and efficient. Personally I see only two ways it could be done:
a "crisis mode" where the scanner does calculate the hash for all files scanned - this would have a significant negative impact on performance
a tool which can create an "emergency IDE" that fits in with the scanning engine - but such a tool, if it exists, is likely a corporate secret
Both additionally require a mechanism for distribution via SEC
Christian
[I'm not Sophos]
:57642
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 9 years ago
Hello JohnWilliams,
would be useful but I doubt that it would mesh with the scanning strategy. Calculating the hash is not the first step (if it's done at all) when assessing a file - we all want scanning to be fast and efficient. Personally I see only two ways it could be done:
a "crisis mode" where the scanner does calculate the hash for all files scanned - this would have a significant negative impact on performance
a tool which can create an "emergency IDE" that fits in with the scanning engine - but such a tool, if it exists, is likely a corporate secret
Both additionally require a mechanism for distribution via SEC
Christian
[I'm not Sophos]
:57642
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data