This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AV feature request - Custom hash signature?

Request:

Can we have a facility within the endpoint console where we can add a hash of a file that we want the endpoint to quarentine/delete. This will allow us to deal with suspected viruses/malware while we are waiting for submissions to Sophos to be defined and updates distributed? 

:57640


This thread was automatically locked due to age.
Parents
  • Hello JohnWilliams,

    would be useful but I doubt that it would mesh with the scanning strategy. Calculating the hash is not the first step (if it's done at all) when assessing a file - we all want scanning to be fast and efficient. Personally I see only two ways it could be done:

    • a "crisis mode" where the scanner does calculate the hash for all files scanned - this would have a significant negative impact on performance
    • a tool which can create an "emergency IDE" that fits in with the scanning engine - but such a tool, if it exists, is likely a corporate secret

    Both additionally require a mechanism for distribution via SEC

    Christian

    [I'm not Sophos]

    :57642
Reply
  • Hello JohnWilliams,

    would be useful but I doubt that it would mesh with the scanning strategy. Calculating the hash is not the first step (if it's done at all) when assessing a file - we all want scanning to be fast and efficient. Personally I see only two ways it could be done:

    • a "crisis mode" where the scanner does calculate the hash for all files scanned - this would have a significant negative impact on performance
    • a tool which can create an "emergency IDE" that fits in with the scanning engine - but such a tool, if it exists, is likely a corporate secret

    Both additionally require a mechanism for distribution via SEC

    Christian

    [I'm not Sophos]

    :57642
Children
No Data