Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
Symptoms
Agent enforcing blocks on multiple files with different file paths/names, but the same hash value in all of them:
- SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
- MD5: D41D8CD98F00B204E9800998ECF8427E
Cause
By default, the Agent does not track empty files (0 Bytes), no matter what the file extension is.
Resolution
Verify a File Rule banning the hash does not exist:
- Log in to the Console and navigate to Rules > Software Rules > Files.
- Search for the relevant hashes:
- If necessary change the Ban to an Approval.
Verify the file on the endpoint is not a 0KB file:
- Get the full path from the relevant Execution Block and use PowerShell to issue the following command:
Get-FileHash "C:\Path\To\file.dll"
- If the hash does not match what was reported by the Agent, initiate a Cache Check and choose the option to Rescan Known Files:
Additional Notes
- The hash: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 is considered Trusted and Reputation is 10
- VT has reported, hash is clean: VirusTotal
Related Content